Lateral movement describes the phase of an attack where the attacker moves from system to system within an already compromised network. The goal is to gain higher privileges, take over additional systems, and access valuable data. Typical techniques include pass-the-hash, exploiting trust relationships between systems, and using legitimate administration tools (living off the land). For your ISMS, lateral movement is one of the most important attack scenarios. Effective countermeasures include network segmentation, least privilege, monitoring of unusual authentication patterns, and endpoint detection and response (EDR).