Incident response and recovery terms
Incident response and recovery terms explain how organizations detect, manage, and bounce back from security incidents. Whether you're drafting a response plan or analyzing past breaches, understanding this vocabulary is essential for limiting damage and recovering fast.
Purple hat hacker
Purple hat hacker refers to someone who combines defensive (blue team) and offensive (red team) cyber security skills, working together to strengthen overall security.
Business continuity and disaster recovery
Business continuity and disaster recovery refer to established processes that organizations implement to ensure resilience and quick recovery from disruptions.
XDR
XDR (extended detection and response) is a cybersecurity platform that collects and correlates telemetry from multiple security products (endpoint, network, cloud, identity, email) into a unified system, so that an incident can be detected, investigated, and responded to across all of those layers rather than in one tool at a time.
Timestomping
Timestomping is an anti-forensic technique in which attackers modify the created, modified, or accessed timestamps of files and directories (for example, to make a dropped tool look like a years-old system file) in order to hide their actions or impede timeline reconstruction during an investigation.
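One practical way to spot timestomping on NTFS is to compare the user-modifiable $STANDARD_INFORMATION timestamps with the kernel-maintained $FILE_NAME timestamps, and to flag timestamps with an all-zero sub-second component, since tools that set times with one-second resolution leave the 100 ns fraction empty. The following is an added example, not code from the glossary or from any named tool; the record layout is a simplified stand-in for parsed MFT output and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class MftRecord:
    """Simplified MFT record with the four timestamps the heuristic needs (constructed layout)."""
    path: str
    si_created: datetime    # $STANDARD_INFORMATION: settable by any process via SetFileTime
    si_modified: datetime
    fn_created: datetime    # $FILE_NAME: maintained by the kernel, not exposed to SetFileTime
    fn_modified: datetime

def timestomp_indicators(rec: MftRecord) -> list[str]:
    """Return the names of every heuristic this record triggers (empty list = looks normal)."""
    findings = []
    # A file cannot be created before its $FILE_NAME record existed; $SI earlier than $FN
    # means $SI was rewound after creation.
    if rec.si_created < rec.fn_created:
        findings.append("si_created_before_fn_created")
    # Last write earlier than creation is impossible for a file that was never stomped.
    if rec.si_modified < rec.si_created:
        findings.append("modified_before_created")
    # Whole-second timestamps: genuine NTFS writes carry 100 ns ticks. Low confidence on
    # its own, because files copied from FAT or extracted from ZIP archives legitimately
    # have coarse timestamps.
    for name in ("si_created", "si_modified"):
        if getattr(rec, name).microsecond == 0:
            findings.append(f"{name}_zero_subsecond")
    return findings

def scan(records: list[MftRecord]) -> dict[str, list[str]]:
    """Map each suspicious path to its indicators; clean records are omitted."""
    return {r.path: f for r in records if (f := timestomp_indicators(r))}

# Constructed sample records: one ordinary file and one whose $SI times were rewound.
NORMAL = MftRecord(
    r"C:\Users\bob\report.docx",
    datetime(2024, 3, 1, 9, 15, 22, 345678), datetime(2024, 3, 2, 11, 0, 5, 123456),
    datetime(2024, 3, 1, 9, 15, 22, 345678), datetime(2024, 3, 1, 9, 15, 22, 345678),
)
STOMPED = MftRecord(
    r"C:\Windows\System32\svchost32.exe",
    datetime(2019, 1, 1, 0, 0, 0), datetime(2019, 1, 1, 0, 0, 0),
    datetime(2024, 3, 5, 14, 22, 10, 998877), datetime(2024, 3, 5, 14, 22, 10, 998877),
)

if __name__ == "__main__":
    for path, hits in scan([NORMAL, STOMPED]).items():
        print(path, "->", ", ".join(hits))
```

Treat the sub-second check as a prompt to look closer, not as proof; the $SI/$FN disagreement is the stronger signal because it is not something ordinary software produces.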
The kill chain
The kill chain is a model that breaks a cyberattack into sequential stages (from reconnaissance and delivery through to actions on objectives) so that defenders can understand how an intrusion progresses and map detection and disruption to each stage.
Temporary file
Temporary files are created by programs to hold data for a short time or a single task, such as editor scratch files, installer staging data, or browser caches. They matter in incident response because they often survive longer than intended and may contain credentials, fragments of documents, or attacker tooling.
Tabletop exercise
A tabletop exercise is a discussion-based incident response activity in which participants walk through a simulated incident scenario, without touching live systems, to test the effectiveness of an organization's incident response plan and the decisions of the people who execute it.
Security operations center
A security operations center (SOC) is a centralized facility or team within an organization responsible for monitoring, detecting, and responding to security incidents and threats.
Security automation
Security automation is the use of software to perform security tasks, such as alert enrichment, triage, and containment actions, without manual intervention, typically by integrating an organization's security tools so that one tool's output triggers another's action.
Rubber duck debugging
Rubber duck debugging is a problem-solving technique that involves explaining the problem step-by-step to gain a deeper understanding of it.
Reverse engineering
Reverse engineering analyzes a software application, system, or device to understand its structure, functions, and operation by breaking it down into components.
Recovery time objective
Recovery time objective (RTO) is the maximum acceptable time to restore IT and business activities after a disaster; it drives decisions such as whether a hot site or a slower recovery option is needed.
Network forensics
Network forensics is a field of digital forensics focusing on the collection and analysis of network data to understand cybersecurity incidents.
Memory forensics
Memory forensics is the process of capturing and analyzing a computer's volatile memory (RAM) to extract evidence such as running processes, network connections, injected code, and encryption keys that never touch the disk.
Mean time to respond
In the context of information technologies (IT), the mean time to respond is the average time from an alert being raised to the affected system being returned to normal operation, covering triage, remediation, and restoration.
Mean Time to Resolution
In cybersecurity, mean time to resolution (MTTR) is the average time from the detection of a security incident or data breach to its full resolution, including containment, eradication, and recovery.
Mean time to repair
In the context of information technologies (IT), the mean time to repair is the average time it takes to repair an IT system after a failure. Because MTTR is used for repair, recovery, respond, and resolution, state which one a report means.
Mean time to recovery
In the context of information technologies (IT), the mean time to recovery is the average time it takes to completely restore an IT system to normal operations after a failure.
Mean time to detect
Mean time to detect (MTTD) is the average time it takes to detect a system's failure, problem, or security breach.
Mean time to contain
Mean time to contain (MTTC) is the average time it takes for an organization to deal with a security breach or incident after it's detected.
Mean time to acknowledge
Mean time to acknowledge (MTTA) is the average time it takes for a team or individual to start working on an issue after an alert is triggered.
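The mean-time metrics above differ only in which two points on the incident timeline they measure between, which is easier to see in code than in prose. The following is an added example, not code from the glossary; the timeline field names and the measurement conventions (everything after detection is measured from the detection timestamp) are assumptions, and the two incidents are constructed.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Incident:
    """One incident timeline (constructed field names)."""
    name: str
    occurred_at: datetime      # when the compromise actually began (often from forensics)
    detected_at: datetime      # when an alert fired
    acknowledged_at: datetime  # when a responder picked the alert up
    contained_at: datetime     # when the attacker could no longer spread or act
    resolved_at: datetime      # when systems were fully restored and the case closed

    def validate(self) -> None:
        order = [self.occurred_at, self.detected_at, self.acknowledged_at,
                 self.contained_at, self.resolved_at]
        if order != sorted(order):
            raise ValueError(f"{self.name}: timeline out of order")

def _mean_minutes(deltas) -> float:
    minutes = [d.total_seconds() / 60 for d in deltas]
    return sum(minutes) / len(minutes)

def mean_time_metrics(incidents: list[Incident]) -> dict[str, float]:
    """Compute MTTD, MTTA, MTTC and MTTR (resolution) in minutes over a set of incidents."""
    for inc in incidents:
        inc.validate()
    return {
        # detect: from first malicious activity to the alert
        "mttd": _mean_minutes(i.detected_at - i.occurred_at for i in incidents),
        # acknowledge: from the alert to a human (or playbook) starting work
        "mtta": _mean_minutes(i.acknowledged_at - i.detected_at for i in incidents),
        # contain: from the alert to the attacker being boxed in
        "mttc": _mean_minutes(i.contained_at - i.detected_at for i in incidents),
        # resolve: from the alert to full recovery; measured from detection here (assumption)
        "mttr_resolution": _mean_minutes(i.resolved_at - i.detected_at for i in incidents),
    }

# Constructed incidents for the example.
INCIDENTS = [
    Incident("INC-1", datetime(2024, 5, 1, 0, 0), datetime(2024, 5, 1, 2, 0),
             datetime(2024, 5, 1, 2, 10), datetime(2024, 5, 1, 3, 0), datetime(2024, 5, 1, 6, 0)),
    Incident("INC-2", datetime(2024, 5, 3, 10, 0), datetime(2024, 5, 3, 11, 0),
             datetime(2024, 5, 3, 11, 30), datetime(2024, 5, 3, 12, 0), datetime(2024, 5, 3, 14, 0)),
]

if __name__ == "__main__":
    for metric, minutes in mean_time_metrics(INCIDENTS).items():
        print(f"{metric}: {minutes:.0f} min")
```

The `validate` step is there because these figures are only as good as the timestamps behind them; a ticket closed before it was acknowledged will silently drag an average down unless it is rejected.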
Indicator of compromise
An indicator of compromise (IoC) is a piece of forensic data, such as a system log entry, an IP address, a domain name, or a file hash, that identifies potentially malicious activity on a system or network. IoCs are typically shared in feeds and matched against logs to find hosts that have already been touched by a known threat.
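A minimal IoC sweep extracts candidate values (IPv4 addresses, SHA-256 hashes, domains) from log lines and checks them against a normalized IoC set. The following is an added example, not code from the glossary; the log format, the IoC feed, and the hash value are constructed, and the addresses and domains come from documentation ranges so nothing here is a real indicator. Feeds are often "defanged" (`203[.]0[.]113[.]45`) so they cannot be clicked, and the example refangs them before matching.

```python
import re

PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
}

def refang(value: str) -> str:
    """Undo common defanging so feed values match what actually appears in logs."""
    return value.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http").strip().lower()

def load_iocs(raw: list[str]) -> dict[str, set[str]]:
    """Bucket refanged IoCs by type using the same patterns used for extraction."""
    iocs = {kind: set() for kind in PATTERNS}
    for value in map(refang, raw):
        for kind, pattern in PATTERNS.items():
            if pattern.fullmatch(value):
                iocs[kind].add(value)
                break
    return iocs

def match_iocs(lines: list[str], iocs: dict[str, set[str]]) -> list[tuple[int, str, str]]:
    """Return (line index, IoC type, value) for every IoC seen in the logs."""
    hits = []
    for idx, line in enumerate(lines):
        lowered = line.lower()            # hashes and domains are case-insensitive
        for kind, pattern in PATTERNS.items():
            for value in sorted(set(pattern.findall(lowered))):
                if value in iocs[kind]:
                    hits.append((idx, kind, value))
    return hits

# Constructed log lines (proxy, EDR, DNS) and a constructed, defanged IoC feed.
LOGS = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.12 dst=203.0.113.45 host=updates.example.net",
    "2024-05-01T10:02:15Z edr host=ws-17 proc=C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe "
    "sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b",
    "2024-05-01T10:03:01Z dns client=10.0.0.12 query=evil.example.com type=A",
    "2024-05-01T10:03:02Z proxy src=10.0.0.13 dst=198.51.100.7 host=news.example.org",
]
IOC_FEED = [
    "203[.]0[.]113[.]45",
    "evil[.]example[.]com",
    "3A7BD3E2360A3D29EEA436FCFB7E44C735D117C42D1C1835420B6B9942DD4F1B",
]

if __name__ == "__main__":
    for idx, kind, value in match_iocs(LOGS, load_iocs(IOC_FEED)):
        print(f"line {idx}: {kind} {value}")
```

Matching exact values like this catches known infrastructure quickly but is brittle: a new IP or a rebuilt binary evades it, which is why IoC sweeps are paired with behavioural detections rather than relied on alone.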
Hot site
A hot site is a fully equipped off-premises facility, kept synchronized with production data, to which an organization can switch and resume normal operations within minutes or hours after a disaster takes the primary site down.
File carving
File carving is a digital forensic technique used to recover files from a storage medium (like a hard drive or memory card) based on the file's content, typically known header and footer byte signatures, rather than its file system metadata. It works on deleted files and on unallocated space where directory entries no longer exist.
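The simplest carver scans raw bytes for a known header, then for the matching footer, and cuts out everything between. The following is an added example, not code from the glossary or from a named forensic tool; the "disk image" is a constructed byte buffer with a JPEG-shaped file, a PNG-shaped file, and a JPEG header with no footer to show how a truncated hit is reported.

```python
from dataclasses import dataclass

# Header/footer signatures for two common image formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

@dataclass
class Carved:
    kind: str
    offset: int
    data: bytes
    complete: bool   # False when the footer was never found

def carve(image: bytes, signatures=SIGNATURES) -> list[Carved]:
    """Header/footer carving over a raw byte buffer, ignoring any file system structure."""
    results = []
    for kind, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header))
            if end == -1:
                # Header with no footer: the file was overwritten or runs off the image.
                # Keep the tail so an analyst can inspect it, but mark it incomplete.
                results.append(Carved(kind, start, image[start:], False))
                break
            end += len(footer)
            results.append(Carved(kind, start, image[start:end], True))
            pos = end
    results.sort(key=lambda c: c.offset)
    return results

# Constructed sample files and a constructed disk image that contains them.
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x2a" * 40 + b"\xff\xd9"
PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x11" * 17
       + b"\x00\x00\x00\x00IEND\xaeB`\x82")
DISK_IMAGE = (b"\x00" * 512 + JPEG + b"\x00" * 100 + PNG + b"\x00" * 64
              + b"\xff\xd8\xff\xe1TRUNC")

if __name__ == "__main__":
    for c in carve(DISK_IMAGE):
        state = "complete" if c.complete else "truncated"
        print(f"{c.kind} at offset {c.offset}: {len(c.data)} bytes ({state})")
```

Real carvers add sanity checks (maximum plausible size, format-specific structure validation) because a footer byte pattern can occur by chance inside unrelated data, producing a "file" that spans two unrelated regions.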
Failback
In disaster recovery, failback is the process of returning operations and data processing from the backup environment to the original primary systems once they have been repaired after a failover.
Disaster recovery as a service
Disaster recovery as a service is a cloud-based business solution for recovering IT systems and data in the event of an unexpected disruption.
DFIR
DFIR is a field that consists of two branches of cybersecurity: digital forensics and incident response.
Dead-box forensics
Dead-box forensics is the analysis of a device that has been powered off, usually by imaging its storage and examining the copy, as opposed to live forensics performed on a running system. It preserves the disk state but loses volatile evidence such as memory contents and active network connections.
DDoS mitigation
DDoS mitigation (Distributed Denial of Service mitigation) is a set of techniques and strategies that protect a network or online service from being overwhelmed by a DDoS attack.
Cyber range
A cyber range is an isolated virtual environment that simulates real networks and systems so that security teams can train, rehearse incident response, and test tools and attacks without risk to production.
Cyber incident
A cyber incident happens when an attacker attempts to breach or successfully breaches the security measures of a digital system, network, or service.
Cyber incident response plan
A cyber incident response plan is a set of documented instructions that an organization follows in response to security incidents.
Cyber forensics
Cyber forensics is a branch of forensic science focusing on the recovery and analysis of digital evidence.
Cyber attribution
Cyber attribution is the process of tracing and identifying the origin or nature of a cyberattack.
CSIRT
A CSIRT (computer security incident response team) is a team of IT and security professionals responsible for detecting, containing, and eliminating cyber incidents within an organization.
Computer forensics
Computer forensics is the process of investigating and analyzing digital devices (e.g., computers, smartphones, tablets) to collect evidence for legal proceedings.
Cloud forensics
Cloud forensics is a branch of digital forensics that involves identifying, preserving, analyzing, and presenting data in the cloud for legal and investigative purposes.
Blue team
A blue team comprises tech professionals who aim to protect an information system from impending cyber threats.
Binary code analysis
Binary code analysis is the process of examining a compiled program, without access to its source code, to understand its behavior or find vulnerabilities, either statically (disassembly) or dynamically (running it under instrumentation).
Backtracking
Backtracking is a cybersecurity term that refers to the process of tracing a cyberattacker's steps by analyzing the digital footprints left during an attack.
Backout plan
A backout plan is a predefined strategy to reverse and recover from changes made to a system if the changes produce undesirable results.
Back-hack
A back-hack is a counteractive measure where an attacked victim attempts to trace or hack back into the offender's system. In most jurisdictions this is itself unauthorized access and therefore illegal, and attribution is often wrong, so it is generally excluded from incident response plans.
Active defense
Active defense is a set of proactive strategies and actions to prevent, detect, and respond to cyber threats.
ABEND
An ABEND (abnormal end) occurs when a computer program or system terminates unexpectedly because of an error rather than completing normally.
The importance of incident response and recovery terminology
Incident response and recovery terms describe the processes that help you act fast when something goes wrong. Knowing them makes it easier to respond under pressure, reduce damage, and recover with confidence.
Respond faster
Terms like “incident triage” or “response playbook” show you how to prioritize and act quickly when every second counts.
Limit the impact
Knowing what “containment strategy” or “forensic analysis” means helps you stop threats from spreading and protect what matters most.
Recover and learn
Recovery isn’t just about getting back online — it’s about learning from what went wrong. Terms like “root cause analysis” or “post-incident review” help you build better defenses next time.