Incident Response Plan

Security Operations Centre

A centralised facility where security professionals monitor, detect, analyse, and respond to cybersecurity incidents.

Intrusion Detection System

A system that monitors network traffic or system activities for malicious activity or policy violations.

Next-Generation Firewall

An advanced firewall that goes beyond traditional packet filtering to include application awareness and intrusion prevention.

Endpoint Detection and Response

Security technology that monitors endpoint devices to detect, investigate, and respond to cyber threats.

Security Orchestration Automation and Response

Technology that automates security operations by orchestrating tools and processes for incident response.

Digital Forensics

The process of collecting, preserving, and analysing electronic evidence for investigating security incidents.

Honeypot

A decoy system designed to attract attackers and study their methods while protecting real systems.

Extended Detection and Response

A unified security platform that integrates data from endpoints, networks, cloud workloads, and email to provide holistic threat detection, investigation, and automated response.

Security Orchestration, Automation and Response

A technology stack that integrates security tools and automates incident response workflows, enabling faster triage, investigation, and remediation of security alerts.

Threat Hunting

The proactive search for cyber threats within an organisation's environment that have evaded automated detection, using hypotheses, threat intelligence, and advanced analytics.

An international standard for information security management systems specifying requirements for establishing and maintaining security.

The process of converting plaintext data into ciphertext using an algorithm, making it unreadable without the decryption key.

A software security flaw unknown to the vendor that can be exploited before a patch is available.

Authentication methods such as FIDO2 passkeys and hardware security keys that are immune to phishing attacks because credentials are cryptographically bound to the legitimate service.

An auditing framework that evaluates the security, availability, processing integrity, confidentiality, and privacy of service organisations.

An organisation's ability to continuously deliver intended outcomes despite adverse cyber events, encompassing prevention, detection, response, and recovery capabilities.

A communication system where only the communicating users can read the messages, with encryption at both endpoints.

A group of security professionals who defend against both real attackers and simulated attacks from red teams.