A strategic assessment of what level of residual risk is tolerable for an organization.

A target for event data relating to a specific software app or package. 

A DoS attack where the attacker sends numerous SYN requests to a target server, hoping to consume enough resources to prevent the transfer of legitimate traffic.

An incident response process in which hosts, networks, and systems are brought back to a secure baseline configuration.

A strictly enforceable ruleset that determines how a task should be completed.

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario. 

Parsing information from multiple log and security event data sources so that it can be presented in a consistent and searchable format. 

An attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.

An incident response process in which malicious tools and configurations on hosts and networks are removed.

Best practice recommendations and advice for configuration items where detailed, strictly enforceable policies and standards are impractical.

A group of hosts or devices that has been infected by a control program called a bot, which enables attackers to exploit the hosts to mount attacks.

The response of determining that a risk is within the organization’s appetite and no countermeasures other than ongoing monitoring are needed. 

A target for event data related to access rules that have been configured for logging. 

A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.

In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.

Expected outcome or state of a task that has been performed in accordance with policies and procedures. These can be determined internally or measured against external frameworks.

Class of malware that modifies system files, often at the kernel level, to conceal its presence.

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance. 

A target for event data related to access control, such as user authentication and privilege use. 

An attack that uses a captured authentication token to start an unauthorized session without having to discover the plaintext password for an account.

In digital forensics, being able to trace the source of evidence to a crime scene and show that it has not been tampered with.

An agreement that sets the service requirements and expectations between a consumer and a provider.

Software that records information about a PC and its users, often installed without the user’s consent.

Risk that remains even after controls are put into place. 

A potential indicator of malicious activity where event dates or timestamps are not consistent. 

Where a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application.

A forensic tool to prevent the capture or analysis device or workstation from changing data on a target disk or media.

Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.

Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.