Glossary of Terms

ABAC: accrual-based accounting

AD: administrator

AG: Advisory Group

AHWG: Ad-hoc Working Group

AI: artificial intelligence

APF: annual privacy forum

APT: Advanced Persistent Threat. This term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information, but applies equally to other threats such as that of traditional espionage or attack

APWG: Anti-Phishing Working Group. Non-profit global pan-industrial and law enforcement association focused on eliminating the fraud, crime and identity theft that result from phishing, pharming, malware and email spoofing of all types

ARET: Awareness Raising and Education Team

AST: assistant(s)

Awareness raising: Awareness is the ‘what’ component of the education strategy of an organisation which tries to change the behaviour and patterns in how the targeted audience (e.g. employees, general public, etc.) uses technology and the Internet, and it is a distinct element from training. It consists of a set of activities which turn users into the organisation’s first line of defence. This is why awareness activities occur on an ongoing basis, use a variety of delivery methods, and are less formal and shorter than training.

BEREC: Body of European Regulators of Electronic Communications

CA: contract agent

CA: Certification Authority. An authority that carries out certain management actions related to digital certificates, e.g. issuing, suspending, revoking etc.

CBU: Capacity Building Unit

CE: Cyber Europe exercises. The Cyber Europe exercises are simulations of large-scale cybersecurity incidents that escalate to become cyber crises. The exercises offer opportunities to analyse advanced technical cybersecurity incidents but also to deal with complex business continuity and crisis management situations

CEN: European Committee for Standardisation

Cenelec: European Committee for Electrotechnical Standardisation

CEP: cyber exercise platform. Set of machines and networks that make it possible to train technical skills and exercise participants’ knowledge online

CERT: computer emergency response team. CERT refers to a group of IT security experts that provides reactive and proactive IT security services to its customers. One of the main services is incident response, meaning to reactively respond to IT security incidents, mitigate the damage and resume normal operation

CERT-EU: Computer Emergency Response Team for the EU institutions, bodies and agencies

CII: Critical Information Infrastructures. Information infrastructure (like networks, hardware, software, etc.) that is critical to the functioning of a nation or country, like IT that supports health- or energy-sectors.

CIIP: critical information-infrastructure protection

CISO: Chief Information Security Officer. Manages information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources. In some organisations only an Information Security manager exists

Cloud Computing: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction

CoA: Court of Auditors

COM: European Commission

CSA: Cybersecurity Act

CSCG: ETSI CEN-CENELEC cybersecurity Security coordination group. It is the only joint group of the three officially recognised European Standardisation Organisations with a mandate for coordinating Cyber Security standards within their organisations

CSIRT: computer-security and incident-response team. Other term for CERT

Cyber crisis: Critical situation that involves information and telecommunication structures or facilities and can damage them and provoke a reduction or the discharge of the services they provide

CyCLONe: Cyber Crisis Liaison Organisation Network

Data Protection: Laws and regulations that make it illegal to store or share some types of information about people without their knowledge or permission

DG: directorate-general. An organisational unit within the European Commission

DG CONNECT: Directorate General for Communications Networks, Content and Technology. An organisational unit within the European Commission. DG CONNECT helps to harness information & communications technologies in order to create jobs and generate economic growth; to provide better goods and services for all; and to build on the greater empowerment which digital technologies can bring in order to create a better world, now and for future generations

DPA: data protection authorities. Independent body which is in charge of monitoring the processing of personal data within its jurisdiction, providing advice to the competent bodies and hearing complaints lodged by citizens with regard to the protection of their data protection rights

DPO: data protection officer

DSM: digital single market

EATA: European Automotive Telecom Alliance

EB: Executive board

EC: European Union Commission. Other term for COM. The European Commission is the EU's executive body and represents the interests of Europe as a whole (as opposed to the interests of individual countries). The term “Commission” refers to both the College of Commissioners and the institution itself

ECB: European Central Bank

EC3: European cybercrime centre, Europol

ECA: European Court of Auditors

ECCG: European Cybersecurity Certification Group

ECSC: European cybersecurity challenge

ECSM: European cybersecurity month

ECSO: European cybersecurity organisation

ED: Executive Director. The senior manager and legal representative of the European Union Agency for Cybersecurity. The Executive Director is the Authorising Officer and the Appointing Authority of ENISA in the meaning of the Financial Regulation and Staff Regulations respectively

EDA: European Defence Agency

EDO: Executive Director’s Office

EDPS: European Data Protection Supervisor. An independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies

EEAS: European External Action Service

EECC: EU electronic communications code

EFTA: European Free Trade Association (Stockholm Convention) (Iceland, Liechtenstein, Norway and Switzerland)

eID: electronic Identity. Identity of a physical person in the digital world. It provides personal information about a person that can be accessible through digital services

eIDAS: regulation on electronic identification and trusted services for electronic transactions in the internal market

Electronic Seal: Data in electronic form which are attached to or logically associated with other electronic data to ensure the origin and the integrity of the associated data

ENISA: European Union Agency for Cybersecurity (formerly known as the European Union Network and Information Security Agency)

ERA: European Railway Agency

ETSI: European Telecommunications Standards Institute

EU: European Union

EUIBAs: EU institutions, bodies and agencies

Europol: European Union Agency for Law Enforcement Cooperation

eu-LISA: European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice

FIRST: forum of incident-response and security teams

GDPR: general data protection regulation

H2020: Horizon 2020

HoU: Head of Unit. The mid-manager who is in charge of an organisational unit within ENISA

IaaS: Infrastructure as a Service. In Cloud computing, IaaS incorporates the capability to abstract resources (or not) as well as deliver physical and logical connectivity to those resources. Ultimately IaaS provides a set of APIs which allow management and other forms of interaction with the infrastructure by consumers

IAS: Internal Audit Service

ICC: International Cybersecurity Challenge. ENISA, together with other regional and international organisations, decided to design and host for the first time the International Cybersecurity Challenge (ICC) in 2022. The aim of the challenge is to attract young talent and raise awareness in the community globally on the education and skills needed in the area of cybersecurity

ICS: industrial control systems. Control systems used in industrial production like SCADA or distributed control systems

ICT: information and communication technology

Information society: The information society is the society, where low-cost information and data storage and transmission technologies are in general use. This generalisation of information and data use is being accompanied by organisational, commercial, social and legal innovations that profoundly change life both in the world of work and in society generally

INT: International Cooperation Team

IoT: internet of things

IPR: Intellectual property rights

IS: information systems. Combination of information technology and people's activities that support operations, management and decision making

ISAC: Information Sharing & Analysis Centre. Trusted and specific entity which collects, analyses and disseminates alerts and incident reports, and which shares and provides analytical support to governments and other ISACs

ISO: International Organization for Standardization. The International Organization for Standardization develops and publishes International Standards

ISO: Information Security Officer. See CISO

ISP: Internet Service Providers. A company that provides use of the Internet, allows you to use email, and gives you space on the Internet to show documents

IT: information technology

ITU: International Telecommunication Union. The International Telecommunication Union is the United Nations specialised agency for information and communication technologies.

IXP: Internet exchange point. Physical infrastructure through which Internet service providers (ISPs) exchange Internet traffic between their networks

JRC: Joint Research Centre. Directorate of the European Commission

KIT: Knowledge and Information Team

LEA: Law Enforcement Agency

M2M: machine to machine

MB: Management Board

MCS: Market, Certification and Standardization Unit

MEP: Member of the European Parliament

MoU: memorandum of understanding

MS: Member State

NAPAC: National public authority representatives committee

NATO: North Atlantic Treaty Organisation

NCSS: National Cybersecurity Strategies

NGO: non‑governmental organisation

n/g CERT: National / Governmental CERT. The term “national / governmental CERT” subsumes all “flavours” of national CERTs, governmental CERTs, national points of contact and others in the EU Member States which act as official national points of contact for national / governmental CERTs in other Member States and bear responsibilities for the protection of critical information infrastructure (CIIP) in their country

NIS: Network and Information Security. A term used by the European Commission to refer to issues related to IT security, security of hard- and software, etc

NISD: NIS directive

NIS CG: NIS Cooperation Group

NLO: national liaison officer

NRA: national regulatory authority

OCU: Operational Cooperation Unit

OECD: Organisation for Economic Co-operation and Development

OSCE: Organization for Security and Co-operation in Europe

PaaS: Platform as a Service. In Cloud computing, PaaS is a layer of integration with application development frameworks, middleware capabilities, and functions such as database, messaging and queuing, which allow developers to build applications upon the platform and whose programming languages and tools are supported by the stack

PDI: Policy Development and Implementation Unit

Personal data: Any information relating to an identified or identifiable natural person hereinafter referred to as “data subject”; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity

PETs: privacy-enhancing technologies

PKI: Public Key Infrastructure. The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system

PPP: public-private partnership. An arrangement where a government and a profit-making company invest in and work on an activity together

Privacy: The right of a person to not be subjected to arbitrary interference with his private life, family, home or correspondence nor to attacks upon his honour and reputation

Privacy Seal: A recognisable trust mark displayed by a web site which verifies the site implements certain security requirements as stated in its privacy policy

PSD: payment services directive

PSG: permanent stakeholders group

R&D: Research and Development

Resilience: The ability to recover from faults in addition to the ability to provide and maintain.

Risk assessment: The process of finding out how much risk is involved in doing something

SaaS: Software as a Service. In Cloud computing, SaaS provides a self-contained operating environment used to deliver the entire user experience including content, its presentation, the application(s) and management capabilities

SB: Supervisory Body

SCADA: Supervisory Control and Data Acquisition. SCADA systems are highly distributed systems used to control geographically dispersed assets, often scattered over thousands of square kilometers, where centralized data acquisition and control are critical to system operation. They are used in distribution systems such as water distribution and wastewater collection systems, oil and natural gas pipelines, electrical power grids, and railway transportation systems

SCCG: Stakeholder Cybersecurity Certification Group

Security Incident: An occurrence that harms integrity, accessibility, confidentiality or authenticity of a computer (or other device) or a network

SLA: service-level agreement

Smart Grid: Generally refers to a class of technology people are using to bring utility electricity delivery systems into the 21st century, using computer-based remote control and automation

SME: Small and Medium Enterprise

SNE: Seconded national expert

SOC: Security Operations Centre. Unit that deals with security issues on an organisational and technical level

SOP: standard operating procedure

SPD: single programming document

Standards: Guidance set up and established by authority as a rule for the measure of quantity, weight, extent, value, or quality

TA: temporary agent

Threat: An expression of intention to inflict damage

TRANSITS: Training of Network Security Incident Teams Staff. Course that provides affordable, high-quality training to both new and experienced Computer Security and Incident Response Team (CSIRT) personnel, as well as individuals with a bona-fide interest in establishing a CSIRT

Transits: Computer-security and incident-response team (CSIRT) personnel training

TSP: trust service provider

WP: Work programme
