🔐 Cybersecurity Glossary

A framework of policies, processes, and technologies that enables organizations to manage digital identities and control user access to critical information and systems. IAM ensures that the right individuals access the right resources at the right times for the right reasons.

A system that creates, maintains, and manages identity information for users while providing authentication services.

The process of limiting the scope and impact of a security incident by isolating affected systems, preventing lateral movement of threats, and stopping the incident from spreading to other parts of the network or organization.

The mandatory process of informing relevant stakeholders, regulatory authorities, and affected parties about security incidents within specified timeframes, including details about the nature, impact, and remediation measures of the incident.

A documented, structured approach with detailed procedures for detecting, responding to, and recovering from cybersecurity incidents. It defines roles, responsibilities, communication protocols, and step-by-step actions to minimize damage and restore normal operations efficiently.

A documented set of predefined procedures and workflows that guide SOC teams through the process of identifying, containing, eradicating, and recovering from specific types of security incidents, ensuring consistent and effective response actions.

A designated group of trained professionals responsible for managing and coordinating responses to cybersecurity incidents. The team typically includes technical experts, legal advisors, communications specialists, and management representatives who work together to contain, investigate, and remediate security breaches.

Forensic artifacts or observable patterns on a network or operating system that with high confidence indicate a computer intrusion or malicious activity. IoCs include file hashes, IP addresses, domain names, URLs, email addresses, and registry keys.

Proactive indicators that identify attacker behavior patterns in real-time, before damage occurs.

Forensic artifacts that identify potentially malicious activity on a system or network.

Technology that controls access to documents, emails, and files beyond the boundaries of the organization's network.

Managing and provisioning computing infrastructure through machine-readable configuration files rather than manual processes.

The level of risk existing before any controls are applied. Used in risk assessments to establish baseline risk level before evaluating the effectiveness of existing controls to arrive at residual risk.

A security risk that originates from within the organization, typically from current or former employees or business associates.

An independent assessment conducted within the organization to evaluate and improve the effectiveness of risk management, control, and governance.

A network security tool that monitors traffic for threats and automatically takes action to prevent them.