4. Security Operations and Incident Response

AV

Antivirus: Software detecting and removing malware

CERT

Computer Emergency Response Team: Expert group handling computer security incidents

CIRT

Computer Incident Response Team: Group responsible for security incident handling

DDoS

Distributed Denial of Service: Attack where multiple systems flood a target

DLP

Data Loss Prevention: Systems preventing sensitive data leakage or theft

DoS

Denial of Service: Attack aiming to make a resource unavailable

EDR

Endpoint Detection and Response: Tools monitoring endpoint systems to detect and respond to threats

FIM

File Integrity Management: Process verifying file validity through comparison

HIDS

Host-based Intrusion Detection System: System monitoring and analyzing activities on individual hosts

HIPS

Host-based Intrusion Prevention System: HIDS with active prevention capabilities

IDS

Intrusion Detection System: Device or software detecting network or system intrusions

IoC

Indicators of Compromise: Artifacts indicating system compromise

IPS

Intrusion Prevention System: IDS with active threat prevention capabilities

IR

Incident Response: Organized approach to addressing security incidents

IRP

Incident Response Plan: Documented procedures for responding to security incidents

NGFW

Next-generation Firewall: Integrated network platform with advanced filtering capabilities

NIDS

Network-based Intrusion Detection System: System monitoring network traffic for malicious activity

NIPS

Network-based Intrusion Prevention System: NIDS with active prevention capabilities

PCAP

Packet Capture: Application programming interface for capturing network traffic

PUP

Potentially Unwanted Program: Software that may be unwanted despite being consciously installed

RA

Recovery Agent: Entity that can decrypt data encrypted by others

RAT

Remote Access Trojan: Malware providing unauthorized remote access

SIEM

Security Information and Event Management: System providing real-time security event monitoring and analysis

SOC

Security Operations Center: Facility housing security analysts who monitor and respond to security events

SOAR

Security Orchestration, Automation, Response: Technologies automating security operations tasks

UTM

Unified Threat Management: Security appliance combining multiple security functions

XDR

Extended Detection and Response: Extended detection and response across endpoints, networks, and cloud