Reference
Cybersecurity glossary
Plain-language definitions of the security and Indonesian compliance terms we work with every day, each linked to where we go deeper.
Reviewed by Mohit Bhansali
A
APT (Advanced Persistent Threat)
Advanced Persistent Threat
An APT is a well-resourced attacker, often state-linked, that gains access and stays hidden for a long time to pursue a specific goal. The defining trait is patience and stealth, not a single smash-and-grab.
Attack surface
The attack surface is the full set of points where an attacker could try to get in: exposed services, applications, accounts, and third-party connections. Reducing it is often the cheapest security win.
B
BEC (Business Email Compromise)
Business Email Compromise
BEC is a targeted fraud where an attacker impersonates an executive or supplier over email to redirect a payment or sensitive data. It relies on deception rather than malware, so it often bypasses technical filters.
BSSN (National Cyber and Crypto Agency)
Badan Siber dan Sandi Negara
BSSN is Indonesia's national cyber agency, responsible for national cyber policy, standards, and incident coordination across government and critical sectors.
D
DAST (Dynamic Application Security Testing)
Dynamic Application Security Testing
DAST tests a running application from the outside, the way an attacker would, to find flaws that only appear at runtime. It complements SAST rather than replacing it.
DevSecOps
DevSecOps builds security checks into the software development pipeline so issues are caught as code is written, not after release. It shifts security left, closer to the developer.
DFIR (Digital Forensics and Incident Response)
Digital Forensics and Incident Response
DFIR combines forensic investigation with incident response: preserving evidence, reconstructing what happened, and supporting any legal or regulatory follow-up.
DPO (Data Protection Officer)
Data Protection Officer
A DPO is the person accountable for an organisation's personal-data compliance. Under UU PDP, many organisations that process data at scale are expected to appoint one.
E
G
I
ICS / SCADA
Industrial Control Systems · Supervisory Control and Data Acquisition
ICS and SCADA are the control systems that monitor and operate industrial equipment. They were built for reliability in isolated networks, which makes securing them as they connect to IT a distinct challenge.
IEC 62443
IEC 62443 is the international standard series for securing industrial automation and control systems. It defines security levels and requirements tailored to OT rather than IT environments.
Incident response (IR)
IR
Incident response is the structured process of containing, investigating, and recovering from a security incident. A tested IR plan is what separates a contained event from a public breach.
ISO 27001
ISO 27001 is the international standard for an information security management system (ISMS). Certification demonstrates that security is managed by a documented, audited process rather than ad hoc effort.
M
MDR (Managed Detection and Response)
Managed Detection and Response
MDR is a service that combines threat detection with active response, not just alerts. Where a basic managed service tells you something happened, MDR takes agreed containment actions on your behalf.
MSSP (Managed Security Service Provider)
Managed Security Service Provider
An MSSP runs security operations on behalf of a company, usually including monitoring, detection, and response. Indonesian firms use an MSSP when building an in-house SOC is too slow or too costly to staff.
N
NDR (Network Detection and Response)
Network Detection and Response
NDR analyses network traffic to find threats that do not touch a managed endpoint, such as activity from unmanaged devices or lateral movement between systems.
NIST CSF (Cybersecurity Framework)
Cybersecurity Framework
The NIST Cybersecurity Framework organises security work into a common set of functions such as identify, protect, detect, respond, and recover. It gives teams a shared language for measuring maturity.
O
P
Penetration testing
pentest
A penetration test is an authorised, simulated attack on a system to find and prove real weaknesses before a genuine attacker does. The output is a prioritised list of findings with evidence.
Phishing
Phishing is a social-engineering attack where criminals impersonate a trusted sender to trick people into revealing credentials, transferring money, or installing malware. It is the starting point for most breaches.
POJK 11/2022
POJK 11/2022 is an OJK regulation setting information-security and resilience requirements for commercial banks, including penetration testing and incident reporting.
POJK 34/2025
POJK 34/2025 extends structured IT and cyber-resilience obligations to rural banks (BPR/BPRS), with a compliance deadline that many smaller banks must still prepare for.
PP 71/2019
PP 71/2019 governs electronic systems and transactions in Indonesia, including rules on data placement and the obligations of electronic system operators.
Purple team
A purple team exercise has attackers (red) and defenders (blue) work together in the open, so every simulated attack directly improves detection and response.
R
Ransomware
Ransomware is malware that encrypts an organisation's data and demands payment to restore it, often with a threat to leak the data too. It remains one of the costliest incidents for Indonesian companies.
Red team
A red team runs a goal-driven, adversarial exercise that tests people, process, and technology together, not just one application. It measures how an organisation detects and responds under realistic pressure.
S
SAST (Static Application Security Testing)
Static Application Security Testing
SAST analyses source code for security flaws without running it. It runs early in development and flags issues like injection risks before the application is ever deployed.
SBOM (Software Bill of Materials)
Software Bill of Materials
An SBOM is a full inventory of the components and open-source libraries inside a piece of software. When a new vulnerability appears, it tells you in minutes whether you are affected.
SIEM (Security Information and Event Management)
Security Information and Event Management
A SIEM collects and correlates log data from across an organisation so analysts can spot patterns that a single system would miss. It is the data backbone most SOCs are built on.
SOAR (Security Orchestration, Automation and Response)
Security Orchestration, Automation and Response
SOAR tools automate repetitive response steps, such as enriching an alert or isolating a host, so analysts spend their time on judgement rather than manual clicks.
SOC (Security Operations Center)
Security Operations Center
A SOC is the team, process, and tooling that monitors an organisation for security threats around the clock. It collects signals from across the network, investigates suspicious activity, and coordinates the response when something is wrong.
SOC 2
SOC 2 is a reporting standard that evaluates how a service provider protects customer data across controls such as security and availability. It is frequently requested by enterprise buyers before signing.
T
Threat hunting
Threat hunting is the proactive search for attackers who have evaded automated detection. Analysts form a hypothesis about how an intrusion might look and then hunt for that evidence in the data.
U
V
VAPT (Vulnerability Assessment and Penetration Testing)
Vulnerability Assessment and Penetration Testing
VAPT pairs a broad scan for known weaknesses with hands-on testing that tries to exploit them. It is the phrase Indonesian regulators and tenders most often use for security testing.
Vulnerability assessment
A vulnerability assessment is a systematic scan that catalogues known weaknesses across systems and ranks them by severity. It shows breadth of exposure rather than proving exploitability.
Social engineering
Social engineering manipulates people into breaking security rules, for example by posing as IT support to reset a password. It targets human trust rather than technical flaws.