Skip to main content

Reference

Cybersecurity glossary

Plain-language definitions of the security and Indonesian compliance terms we work with every day, each linked to where we go deeper.

Reviewed by Mohit Bhansali

A

APT (Advanced Persistent Threat)

Advanced Persistent Threat

An APT is a well-resourced attacker, often state-linked, that gains access and stays hidden for a long time to pursue a specific goal. The defining trait is patience and stealth, not a single smash-and-grab.

Attack surface

The attack surface is the full set of points where an attacker could try to get in: exposed services, applications, accounts, and third-party connections. Reducing it is often the cheapest security win.

B

BEC (Business Email Compromise)

Business Email Compromise

BEC is a targeted fraud where an attacker impersonates an executive or supplier over email to redirect a payment or sensitive data. It relies on deception rather than malware, so it often bypasses technical filters.

BSSN (National Cyber and Crypto Agency)

Badan Siber dan Sandi Negara

BSSN is Indonesia's national cyber agency, responsible for national cyber policy, standards, and incident coordination across government and critical sectors.

D

DAST (Dynamic Application Security Testing)

Dynamic Application Security Testing

DAST tests a running application from the outside, the way an attacker would, to find flaws that only appear at runtime. It complements SAST rather than replacing it.

DevSecOps

DevSecOps builds security checks into the software development pipeline so issues are caught as code is written, not after release. It shifts security left, closer to the developer.

DFIR (Digital Forensics and Incident Response)

Digital Forensics and Incident Response

DFIR combines forensic investigation with incident response: preserving evidence, reconstructing what happened, and supporting any legal or regulatory follow-up.

DPO (Data Protection Officer)

Data Protection Officer

A DPO is the person accountable for an organisation's personal-data compliance. Under UU PDP, many organisations that process data at scale are expected to appoint one.

E

G

I

M

N

NDR (Network Detection and Response)

Network Detection and Response

NDR analyses network traffic to find threats that do not touch a managed endpoint, such as activity from unmanaged devices or lateral movement between systems.

NIST CSF (Cybersecurity Framework)

Cybersecurity Framework

The NIST Cybersecurity Framework organises security work into a common set of functions such as identify, protect, detect, respond, and recover. It gives teams a shared language for measuring maturity.

O

P

Penetration testing

pentest

A penetration test is an authorised, simulated attack on a system to find and prove real weaknesses before a genuine attacker does. The output is a prioritised list of findings with evidence.

Phishing

Phishing is a social-engineering attack where criminals impersonate a trusted sender to trick people into revealing credentials, transferring money, or installing malware. It is the starting point for most breaches.

POJK 11/2022

POJK 11/2022 is an OJK regulation setting information-security and resilience requirements for commercial banks, including penetration testing and incident reporting.

POJK 34/2025

POJK 34/2025 extends structured IT and cyber-resilience obligations to rural banks (BPR/BPRS), with a compliance deadline that many smaller banks must still prepare for.

PP 71/2019

PP 71/2019 governs electronic systems and transactions in Indonesia, including rules on data placement and the obligations of electronic system operators.

Purple team

A purple team exercise has attackers (red) and defenders (blue) work together in the open, so every simulated attack directly improves detection and response.

R

S

SAST (Static Application Security Testing)

Static Application Security Testing

SAST analyses source code for security flaws without running it. It runs early in development and flags issues like injection risks before the application is ever deployed.

SBOM (Software Bill of Materials)

Software Bill of Materials

An SBOM is a full inventory of the components and open-source libraries inside a piece of software. When a new vulnerability appears, it tells you in minutes whether you are affected.

SIEM (Security Information and Event Management)

Security Information and Event Management

A SIEM collects and correlates log data from across an organisation so analysts can spot patterns that a single system would miss. It is the data backbone most SOCs are built on.

SOAR (Security Orchestration, Automation and Response)

Security Orchestration, Automation and Response

SOAR tools automate repetitive response steps, such as enriching an alert or isolating a host, so analysts spend their time on judgement rather than manual clicks.

SOC (Security Operations Center)

Security Operations Center

A SOC is the team, process, and tooling that monitors an organisation for security threats around the clock. It collects signals from across the network, investigates suspicious activity, and coordinates the response when something is wrong.

SOC 2

SOC 2 is a reporting standard that evaluates how a service provider protects customer data across controls such as security and availability. It is frequently requested by enterprise buyers before signing.

Social engineering

Social engineering manipulates people into breaking security rules, for example by posing as IT support to reset a password. It targets human trust rather than technical flaws.

T

Threat hunting

Threat hunting is the proactive search for attackers who have evaded automated detection. Analysts form a hypothesis about how an intrusion might look and then hunt for that evidence in the data.

U

V

X

Z