Skip to main content
European Cybersecurity Atlas

Cybersecurity Taxonomy

The JRC Cybersecurity Taxonomy

A common taxonomy aligns cybersecurity definitions and terminologies to enable the categorisation of existing institutions and expertise across Europe. This categorisation is crucial to facilitate the potential collaboration among these institutions and consequently to foster the establishment of the Competence Centre and Network.

The taxonomy created by the European Commission Joint Research Centre (JRC) is based on a comprehensive set of standards, regulations and best practices, and it has been validated by different EU cybersecurity stakeholders, such as the European Cyber Security Organization (ECSO). It was further enhanced based on feedback provided by the four cybersecurity research and competence network pilot projects (CONCORDIA, ECHO, SPARTA and CyberSec4Europe), which embrace over 160 partners including companies, SMEs, universities and research institutes. 

A similar knowledgebase, if integrated with other existing databases (e.g., patents, European projects, research production, scientific profiles), will be also extremely relevant in the assessment of the R&D cybersecurity position of Europe. This would provide useful information to identify weaknesses and where and how to act to reach a homogeneous development of the cybersecurity domain.

The JRC Cybersecurity Taxonomy is built on four dimensions, namely Knowledge domains (or simply Domains, each of them with a set of subdomains), Sectors, Technologies, Use cases (see picture below). More information about the taxonomy and the related EU Vocabulary can be found at the following URLs:

 

High-level overview of the JRC Cybersecurity Taxonomy with its four dimensions

The image above shows the elements of the four dimensions of the JRC Cybersecurity Taxonomy. 

The list of Domains is the following:

  • Assurance, Audit and Certification    
  • Cryptology (Cryptography and Cryptanalysis)    
  • Data Security and Privacy    
  • Education and Training    
  • Human Aspects    
  • Identity Management    
  • Incident Handling and Digital Forensics     
  • Legal Aspects    
  • Network and Distributed Systems    
  • Security Management and Governance    
  • Security Measurements     
  • Software and Hardware Security Engineering    
  • Steganography, Steganalysis and Watermarking    
  • Theoretical Foundations    
  • Trust Management and Accountability

The list of Sectors is:

  • Audiovisual and media
  • Chemical
  • Defence
  • Digital Services and Platforms
  • Energy
  • Financial
  • Food and drink
  • Government 
  • Health 
  • Manufacturing and supply chain
  • Nuclear
  • Safety and Security
  • Space
  • Telecomm Infrastructure
  • Transportation

The list of Technologies is the following:

  • Artificial intelligence
  • Big Data
  • Blockchain and Distributed Ledger Technology (DLT)
  • Cloud, Edge and Virtualisation
  • Hardware technology (RFID, chips, sensors, networking, etc.)
  • High-performance computing (HPC)
  • Human Machine Interface (HMI)
  • Industrial IoT and Control Systems (e.g. SCADA and Cyber Physical Systems – CPS)
  • Information Systems
  • Internet of Things, embedded systems, pervasive systems
  • Mobile devices
  • Operating systems
  • Quantum Technologies (e.g. computing and communication)
  • Robotics
  • Satellite systems and applications
  • UAV (unmanned aerial vehicles)
  • Vehicular Systems (e.g. autonomous vehicles)

Finally, the list of Use cases is:

  • Border and external security
  • Critical Infrastructure Protection
  • Disaster resilience and crisis management
  • Fight against crime and terrorism
  • Local/wide area observation and surveillance
  • Protection of public spaces