Security-Operations

A Data Breach is an incident involving unauthorized access, disclosure, or exfiltration of sensitive information. This SECMONS glossary entry explains what qualifies as a breach, how breaches occur, legal and operational implications, and how organizations reduce breach impact.

Incident Response is the structured process organizations follow to detect, contain, eradicate, and recover from cybersecurity incidents. This SECMONS glossary entry explains incident response phases, operational workflows, and how effective response reduces dwell time and business impact.

Patch Management is the operational process of acquiring, testing, deploying, and verifying software updates to remediate security vulnerabilities. This SECMONS glossary entry explains how patch management works, how it differs from vulnerability management, and why delayed patching leads to real-world exploitation.

Practical guide to handling the first 24 hours of a cybersecurity incident, including containment, investigation, and risk reduction steps.

Practical guide to vulnerability scanning, including prioritization, exposure awareness, and integrating results into real-world risk reduction.

Exposure Management is a cybersecurity strategy focused on continuously identifying, prioritizing, and reducing security exposures across infrastructure, applications, identities, and cloud environments.

Extended Detection and Response (XDR) is a cybersecurity approach that correlates telemetry across endpoints, identities, networks, cloud services, and email systems to improve threat detection, investigation, and coordinated response.

Network Detection and Response (NDR) is a cybersecurity technology that monitors network traffic to detect suspicious behavior, identify threats, and support investigation and response to malicious activity within enterprise environments.

Attack Surface Management (ASM) is the cybersecurity practice of continuously discovering, monitoring, and analyzing internet-exposed assets in order to identify vulnerabilities, misconfigurations, and potential entry points attackers could exploit.

Detection Engineering is the cybersecurity discipline focused on designing, implementing, testing, and maintaining detection logic that identifies malicious activity within systems, networks, and cloud environments.

Managed Detection and Response (MDR) is a cybersecurity service model that provides continuous threat monitoring, detection, investigation, and incident response support delivered by specialized security teams.

Security Orchestration, Automation and Response (SOAR) is a cybersecurity platform category that integrates security tools, automates incident response workflows, and helps analysts coordinate investigations and remediation actions across complex environments.

Threat Hunting is a proactive cybersecurity practice where analysts actively search for signs of malicious activity within networks, endpoints, and cloud environments before automated detection systems generate alerts.

Indicators of Attack (IOA) are behavioral signs that reveal malicious activity occurring within a system or network, allowing security teams to detect attacks based on attacker behavior rather than known malware signatures.

Endpoint Detection and Response (EDR) is a cybersecurity technology designed to monitor endpoint activity, detect malicious behavior, and enable rapid investigation and response to threats affecting workstations, servers, and other network-connected devices.

Security Information and Event Management (SIEM) is a cybersecurity platform that centralizes logs and security telemetry from across an environment, enabling correlation, detection, investigation, and response to security threats.

Comprehensive guide explaining how organizations can design, implement, and maintain an effective incident response plan for cybersecurity events.

Operational playbook for coordinating security incident response, including investigation leadership, communication workflows, containment strategy, and cross-team collaboration during cyber incidents.

Digital Forensics is the cybersecurity discipline focused on collecting, preserving, analyzing, and presenting digital evidence from computers, networks, and other systems in order to investigate security incidents and cybercrime.

Asset Inventory is the process of identifying, cataloging, and continuously tracking all hardware, software, systems, and digital resources within an organization in order to maintain visibility, manage risk, and support cybersecurity operations.

A Blue Team is the defensive cybersecurity group responsible for monitoring systems, detecting threats, responding to security incidents, and protecting an organization's infrastructure from cyberattacks.

Privileged Access Management (PAM) is a cybersecurity discipline focused on securing, monitoring, and controlling accounts with elevated permissions such as administrators, root users, and service accounts.

A Security Operations Center (SOC) is a centralized team and operational function responsible for monitoring, detecting, investigating, and responding to cybersecurity threats across an organization's infrastructure.