Cyber Keyterms

Last updated 12:51 PM on 5/23/26
33 Terms

1

TTP

Tactics, Techniques, and Procedures

  • Tactics: The attacker’s overall goal (e.g. steal data).

  • Techniques: The methods used (e.g. phishing).

  • Procedures: The exact steps taken.

  • What it does: TTPs help security teams understand patterns in attacks rather than isolated events. Instead of reacting to single alerts, analysts use TTPs to recognise attacker behaviour across multiple systems.

  • Why it matters: Makes detection and response more effective and proactive.

2

CVE - KEV

CVE: Common Vulnerabilities and Exposures

KEV: Known Exploited Vulnerabilities

3

Threat Intelligence

  • What it does: Collects and analyses information about known attackers, malware, tools, and campaigns. This information is used to add context to alerts and understand whether activity is malicious or expected.

  • Why it matters: Helps analysts prioritise real threats and avoid false positives.

4

ISP

Internet Service Provider

  • What it does: Provides internet connectivity and routes traffic between organisations and the wider internet. ISPs also assign IP addresses and may assist with tracing malicious traffic.

  • Why it matters: Understanding ISPs helps analysts identify where traffic is coming from and whether it’s suspicious.

5

MSSP

Managed Security Service Provider

  • What it does: Provides outsourced security services such as monitoring, alerting, and incident response. MSSPs often operate SOCs on behalf of multiple clients.

  • Why it matters: Many junior analysts start their careers at MSSPs, gaining broad experience quickly.

6

Windows NT – New Technology

  • What it does: The underlying architecture for Windows operating systems. It handles authentication, permissions, and system security.

  • Why it matters: Most enterprise environments rely on Windows NT-based systems.

7

AD

Active Directory

  • What it does: Central directory service that stores information about users, devices, and groups. It controls authentication and authorisation within a network.

  • Why it matters: Compromising AD often means compromising the entire organisation.

8

IAM

Identity and Access Management

  • What it does: Framework and tools that manage digital identities and control access to systems and data. IAM ensures users only have the access they need.

  • Why it matters: Identity-based attacks are one of the most common breach methods.

9

PAM

Privileged Access Management

  • What it does: Controls and monitors high-privilege accounts such as administrators. It limits misuse and tracks privileged actions.

  • Why it matters: Admin accounts have the highest impact if compromised.

10

Azure AD

Azure Active Directory (Entra ID)

  • What it does: Cloud-based IAM service used to manage identities, sign-ins, and access to cloud and SaaS applications.

  • Why it matters: Central to modern cloud security.

11

MFA

Multi-Factor Authentication

  • What it does: Requires multiple forms of verification before access is granted, such as a password and a mobile app approval.

  • Why it matters: Prevents most credential-based attacks.

12

MDM

Mobile Device Management

  • What it does: Allows organisations to manage, secure, and monitor devices such as laptops and phones. Enforces encryption, updates, and remote wipe.

  • Why it matters: Protects data even if devices are lost or stolen.

13

Intune

Microsoft Intune

  • What it does: Microsoft’s MDM and endpoint management platform. It applies security policies, checks compliance, and manages updates.

  • Why it matters: Central control of endpoint security.

14

GPO

Group Policy Object

  • What it does: Applies configuration and security rules to Windows systems via Active Directory, ensuring consistent settings across devices.

  • Why it matters: Prevents users from weakening security.

15

Autopilot – Windows Autopilot

  • What it does: Automates the setup of new devices, applying security policies and software automatically.

  • Why it matters: Reduces misconfiguration risk.

16

SaaS

Software as a Service

  • What it does: Software hosted by a provider and accessed via the internet. The provider manages infrastructure while customers manage users and access.

  • Why it matters: Security is heavily identity-focused.

17

PaaS

Platform as a Service

  • What it does: Provides a platform for developers to build applications without managing servers.

  • Why it matters: Security responsibility is shared.

18

IaaS

Infrastructure as a Service

  • What it does: Provides virtual servers, networks, and storage. Customers manage OS and security controls.

  • Why it matters: Misconfigurations can lead to breaches.

19

GCP

Google Cloud Platform

  • What it does: Google’s cloud environment offering IaaS, PaaS, and SaaS.

  • Why it matters: Cloud security knowledge is transferable.

20

SOC

Security Operations Centre

  • What it does: A team responsible for monitoring systems, analysing alerts, and responding to incidents.

  • Why it matters: Central hub for security defence.

21

SIEM

Security Information and Event Management

  • What it does: Collects logs from systems, correlates events, and generates alerts based on rules or behaviour.

  • Why it matters: Primary tool used by SOC analysts.

22

UBA

User Behaviour Analytics

  • What it does: Analyses user behaviour patterns to detect anomalies such as compromised accounts.

  • Why it matters: Detects threats that signature-based tools miss.

23

Incident Response

  • What it does: Structured approach to identifying, containing, eradicating, and recovering from incidents.

  • Why it matters: Minimises impact and downtime.

24

ISO 27001

International Organization for Standardization

  • What it is: A globally recognised Information Security Management System (ISMS) standard.

  • What it does: Provides a structured approach to managing security risks using policies, controls, audits, and continuous improvement.

  • Why it matters: Demonstrates that an organisation takes security seriously and manages risk systematically.

25

CIS

Center for Internet Security (Baselines)

  • What it does: Provides specific, practical security configuration benchmarks.

  • Why it matters: Easy way to improve security posture.

26

NIST

National Institute of Standards and Technology

  • What it does: Provides cybersecurity frameworks and guidance such as Identify, Protect, Detect, Respond, Recover.

  • Why it matters: Widely used and respected globally.

27

PCI DSS

Payment Card Industry Data Security Standard

  • What it does: Defines security controls required to protect cardholder data.

  • Why it matters: Legal and contractual requirement.

28

NIS2

Network and Information Systems Directive

  • What it does: EU regulation requiring organisations to implement cybersecurity risk management and reporting.

  • Why it matters: Legal obligation with penalties.

29

DORA

Digital Operational Resilience Act

  • What it does: Requires financial organisations to ensure operational and cyber resilience.

  • Why it matters: Focus on incident response and resilience.

30

DevSecOps

Development, Security, and Operations

  • What it does: Integrates security throughout the software development lifecycle.

  • Why it matters: Reduces late-stage security issues.

31

Change Control

  • What it does: Ensures changes are reviewed, approved, and documented before implementation.

  • Why it matters: Prevents accidental incidents.

32

Release Management

  • What it does: Plans and controls deployment of software changes.

  • Why it matters: Stability and security.
