Lesson 12 - Incident Response and Monitoring Concepts Flashcards
IR
Incident Response
- the organized process of preparing for, detecting, analyzing, containing, eradicating and recovering from a security incident, followed by a lessons-learned review.
SIEM
Security Information and Event Management
- A solution that collects and normalizes logs and events from network hardware, hosts and applications, correlates them across sources, and provides real-time or near-real-time analysis and alerting on the result.
SOAR
Security Orchestration, Automation and Response
- a set of tools and technologies that help organizations manage and respond to security threats efficiently by integrating security tools, automating tasks, and coordinating incident responses.
CIRT
Computer Incident Response Team
- a specialized team responsible for detecting, containing, and responding to cyber incidents, minimizing damage and restoring normal operations
CSIRT
Computer Security Incident Response Team
- a specialized group of IT professionals who are responsible for responding to and mitigating cybersecurity incidents, ensuring a swift and effective recovery while also preventing future occurrences.
CERT
Computer Emergency Response Team
- a group of security experts tasked with protecting against, detecting, and responding to cybersecurity incidents.
SOC
Security Operations Center
- a centralized function that monitors, detects, and responds to security incidents, employing people, processes, and technology to protect an organization’s assets.
IRP
Incident Response Plan
- Specific procedures that must be performed if a certain type of event is detected or reported.
LLR
Lesson Learned Report
- An analysis of events that can provide insight into how to improve response and support processes in the future.
AAR
After-Action Report
- a structured document that analyzes a cybersecurity incident or exercise to identify lessons learned and areas for improvement, ultimately enhancing future preparedness and response capabilities.
ESI
Electronically Stored Information
- any data held in digital form (emails, documents, databases, logs, etc.) that may be relevant to legal matters, investigations or compliance, and therefore must be preserved, secured and managed so that it remains admissible.
ARP
Address Resolution Protocol
- the protocol that resolves an IPv4 address on the local network segment to the MAC address of the interface that holds it; hosts cache the answers in an ARP table (shown by arp -a), and because replies are unauthenticated, a mapping that suddenly changes is something monitoring should flag.
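Added example, not part of the original lesson: a parser for Ethernet/ARP frames and a small watcher that learns the IP-to-MAC table from replies and raises an alert when an address it already knows is answered for by a different MAC. The frames, MAC addresses and IPs below are constructed for illustration; the watcher goes slightly beyond the card by applying the usual ARP cache-poisoning heuristic rather than only decoding the packet.

```python
import socket
import struct

ETH_P_ARP = 0x0806          # EtherType for ARP
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst=None) -> bytes:
    """Build a 42-byte Ethernet+ARP frame. Used here only to make sample traffic."""
    eth = struct.pack("!6s6sH", mac_bytes(eth_dst or target_mac), mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                      mac_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if it is not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


def watch_arp(frames):
    """Learn IP->MAC from replies; alert when a known IP is claimed by a new MAC."""
    table, alerts = {}, []
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt is None or pkt["op"] != ARP_REPLY:
            continue
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = table.get(ip)
        if known is not None and known != mac:
            alerts.append({"ip": ip, "old_mac": known, "new_mac": mac})
        table[ip] = mac
    return table, alerts


# Constructed sample traffic: a host asks for the gateway, the real gateway answers,
# then a second station answers for the same IP with its own MAC. The last frame is
# a non-ARP (IPv4 EtherType) frame that the parser must ignore.
HOST, GATEWAY, ROGUE = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:66"
SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1",
              eth_dst="ff:ff:ff:ff:ff:ff"),
    build_arp(ARP_REPLY, GATEWAY, "192.0.2.1", HOST, "192.0.2.10"),
    build_arp(ARP_REPLY, ROGUE, "192.0.2.1", HOST, "192.0.2.10"),
    struct.pack("!6s6sH", mac_bytes(HOST), mac_bytes(GATEWAY), 0x0800) + b"\x00" * 28,
]

if __name__ == "__main__":
    table, alerts = watch_arp(SAMPLE_FRAMES)
    print("ARP table:", table)
    for a in alerts:
        print("ALERT: %(ip)s moved from %(old_mac)s to %(new_mac)s" % a)
```

On a live segment the same watcher would be fed from a raw socket or a pcap instead of SAMPLE_FRAMES; the detection logic does not change.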
UTC
Coordinated Universal Time
- the time standard used to synchronize events and data globally; logs and incident timelines should be recorded in UTC (or carry an explicit offset) so that events from systems in different time zones can be placed in their true order.
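Added example that serves both the SIEM and UTC cards (it is not code from the lesson): log lines from hosts in four time zones are normalized to UTC, which is the only way to see their real order, and a SIEM-style correlation rule then flags a successful login preceded by a burst of failures from the same user and source. The log format, hosts, user names, IPs and the threshold/window values are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: the same user fails on four hosts, each logging in its own
# local offset, then succeeds on the VPN gateway. Sorted by the raw strings the
# order is nonsense; sorted by UTC the burst is obvious.
SAMPLE_LOGS = [
    "2024-03-10T09:00:05+01:00 vpn-gw  auth FAIL user=alice src=203.0.113.7",
    "2024-03-10T03:00:20-05:00 web-01  auth FAIL user=alice src=203.0.113.7",
    "2024-03-10T08:00:35Z      dc-01   auth FAIL user=alice src=203.0.113.7",
    "2024-03-10T17:00:50+09:00 mail-01 auth FAIL user=alice src=203.0.113.7",
    "2024-03-10T09:01:10+01:00 vpn-gw  auth OK   user=alice src=203.0.113.7",
    "2024-03-10T09:30:00+01:00 vpn-gw  auth OK   user=bob   src=198.51.100.4",
]


def to_utc(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp and return it as an aware UTC datetime.

    A trailing 'Z' is rewritten to '+00:00' because datetime.fromisoformat()
    only accepts 'Z' from Python 3.11 onward. Naive timestamps (no offset) are
    rejected rather than guessed: guessing a zone is how timelines get corrupted.
    """
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError(f"timestamp without UTC offset: {ts}")
    return dt.astimezone(timezone.utc)


def parse_line(line: str) -> dict:
    """Split '<ts> <host> auth <RESULT> key=value ...' into a normalized event."""
    ts, host, _auth, result, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return {"ts": to_utc(ts), "host": host, "result": result,
            "user": fields["user"], "src": fields["src"]}


def detect_bruteforce_success(events, threshold=3, window_s=120):
    """Alert on a successful login preceded by >= threshold failures for the same
    (user, src) pair within window_s seconds, regardless of which host logged them."""
    window = timedelta(seconds=window_s)
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_key[(e["user"], e["src"])].append(e)
    alerts = []
    for (user, src), evs in by_key.items():
        for i, e in enumerate(evs):
            if e["result"] != "OK":
                continue
            fails = [f for f in evs[:i]
                     if f["result"] == "FAIL" and e["ts"] - f["ts"] <= window]
            if len(fails) >= threshold:
                alerts.append({"user": user, "src": src, "failures": len(fails),
                               "success_utc": e["ts"].isoformat(),
                               "hosts": sorted({f["host"] for f in fails})})
    return alerts


if __name__ == "__main__":
    events = [parse_line(line) for line in SAMPLE_LOGS]
    for e in sorted(events, key=lambda e: e["ts"]):
        print(e["ts"].isoformat(), e["host"], e["result"], e["user"])
    for a in detect_bruteforce_success(events):
        print("ALERT", a)
```

The rule spans hosts on purpose: a per-host failure count would never reach the threshold here, which is exactly the gap a SIEM's cross-source correlation is meant to close.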
EPP
Endpoint Protection Platform
- a suite of security technologies designed to protect endpoint devices (like laptops, desktops, and servers) from various threats, including malware, by combining multiple security functions into a single, centralized system
MUA
Mail User Agent
- the mail client (for example Outlook or Thunderbird) a person uses to compose, submit and read messages.
MDA
Mail Delivery Agent
- the component that accepts a message from the final MTA and stores it in the recipient's mailbox.
MTA
Message Transfer Agent
- the server software (for example Postfix or Exim; also called Mail Transfer Agent) that relays messages between mail servers over SMTP; each MTA a message passes through prepends a Received: header, which is the trail investigators walk when tracing where a message really came from.
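Added example, not from the lesson: walking the Received: chain of a suspicious message to reconstruct its MTA path, the first thing an analyst does with a reported phish. The raw message, host names, IPs and IDs are constructed; the relay names and documentation IP ranges are illustrative only.

```python
import email
import email.utils
import re
from datetime import timezone

# Constructed sample message: three hops, each MTA stamping its own local time.
# The oldest hop (bottom) shows a client with no reverse DNS submitting the mail.
RAW_MESSAGE = """\
Received: from mx.example.org (mx.example.org [198.51.100.25])
\tby mail-01.example.org with ESMTPS id 4XyZ12
\tfor <alice@example.org>; Sun, 10 Mar 2024 08:01:10 +0000
Received: from relay.example.net (relay.example.net [203.0.113.40])
\tby mx.example.org with ESMTP id 3AbC99;
\tSun, 10 Mar 2024 09:01:02 +0100
Received: from [192.168.1.23] (unknown [203.0.113.77])
\tby relay.example.net with ESMTPA id 1QqR77;
\tSun, 10 Mar 2024 17:00:55 +0900
From: "IT Helpdesk" <helpdesk@example.org>
To: alice@example.org
Subject: Password reset required
Message-ID: <c0ffee@203.0.113.77>

Please reset your password at the link below.
"""

# "from <name> (<comment>) by <name>"; the comment usually carries rDNS and [ip].
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value: str) -> dict:
    """Extract from-host, its IP, by-host and the hop time (converted to UTC)."""
    flat = re.sub(r"\s+", " ", value).strip()      # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    if not m:
        raise ValueError(f"unparsable Received header: {flat!r}")
    comment = m.group("comment") or ""
    ip = IP_RE.search(comment) or IP_RE.search(m.group("from"))
    date_part = flat.rsplit(";", 1)[1].strip() if ";" in flat else ""
    ts = (email.utils.parsedate_to_datetime(date_part).astimezone(timezone.utc)
          if date_part else None)
    return {"from": m.group("from"), "from_ip": ip.group(1) if ip else None,
            "by": m.group("by"), "utc": ts,
            "no_rdns": comment.lower().startswith("unknown")}


def trace_hops(raw_message: str) -> list:
    """Return the hops oldest-first (headers are prepended, so the chain is reversed)."""
    msg = email.message_from_string(raw_message)
    return [parse_received(h) for h in reversed(msg.get_all("Received") or [])]


def origin_of(hops) -> str:
    """IP that handed the message to the first MTA, i.e. the submitting client."""
    return hops[0]["from_ip"] if hops else None


def hops_in_order(hops) -> bool:
    """False when a later hop's UTC time precedes an earlier one (clock skew or forged header)."""
    times = [h["utc"] for h in hops if h["utc"] is not None]
    return all(a <= b for a, b in zip(times, times[1:]))


if __name__ == "__main__":
    hops = trace_hops(RAW_MESSAGE)
    for h in hops:
        print(f"{h['utc'].isoformat()}  {h['from']} ({h['from_ip']}) -> {h['by']}")
    print("origin:", origin_of(hops), "| timestamps consistent:", hops_in_order(hops))
```

Only the hops added by MTAs you trust can be relied on; anything below the first trusted server's own Received: line could have been written by the sender, which is why the chain is read from the top down and the origin is treated as a lead, not proof.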
SNMP
Simple Network Management Protocol
- an application-layer protocol that transmits management data between network devices.
SCAP
Security Content Automation Protocol
- a framework of open standards that automates vulnerability management, measurement, and policy compliance evaluation, enabling organizations to efficiently identify, assess, and remediate security issues
OVAL
Open Vulnerability and Assessment Language
- an XML schema for describing system security state and querying vulnerability reports and information.
XCCDF
Extensible Configuration Checklist Description Format
- an XML schema for developing and auditing best practice configuration checklists and rules.