Security Orchestration, Automation and Response

Security Operations Centre

A centralised facility where security professionals monitor, detect, analyse, and respond to cybersecurity incidents.

Intrusion Detection System

A system that monitors network traffic or system activities for malicious activity or policy violations.

Next-Generation Firewall

An advanced firewall that goes beyond traditional packet filtering to include application awareness and intrusion prevention.

Endpoint Detection and Response

Security technology that monitors endpoint devices to detect, investigate, and respond to cyber threats.

Security Orchestration Automation and Response

Technology that automates security operations by orchestrating tools and processes for incident response.

Incident Response Plan

A documented set of procedures for detecting, responding to, and recovering from cybersecurity incidents.

Digital Forensics

The process of collecting, preserving, and analysing electronic evidence for investigating security incidents.

Honeypot

A decoy system designed to attract attackers and study their methods while protecting real systems.

Extended Detection and Response

A unified security platform that integrates data from endpoints, networks, cloud workloads, and email to provide holistic threat detection, investigation, and automated response.

Threat Hunting

The proactive search for cyber threats within an organisation's environment that have evaded automated detection, using hypotheses, threat intelligence, and advanced analytics.

The total number of points where an unauthorised user can try to enter or extract data from a system.

A group of security professionals who defend against both real attackers and simulated attacks from red teams.

Malicious software designed to disrupt, damage, or gain unauthorised access to computer systems.

Security solutions that control and monitor access for users with elevated permissions to critical systems.

Malicious software that encrypts a victim's files and demands payment for the decryption key.

A simulated cyberattack against a system to evaluate the security of its defences and identify exploitable vulnerabilities.

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information.

An auditing framework that evaluates the security, availability, processing integrity, confidentiality, and privacy of service organisations.