Sound the Alarm: Detection and Response: Module 1 Flashcards
(18 cards)
Computer Security Incident Response Teams (CSIRT)
A group of security experts trained to handle and respond to cyber incidents.
Documentation
Recorded information used for a specific task or purpose.
Endpoint Detection and Response (EDR)
A tool on devices like laptops or phones that watches for and stops suspicious behavior.
Event
Something that happens on a computer, network, or device.
False Negative
When something bad happens, but the system misses it.
False Positive
When the system thinks something bad happened, but it’s actually fine.
Incident
A real or likely threat to important information or systems, like a hack or rule violation.
Incident Handler’s Journal
Notes taken during an incident to keep track of what happened.
Incident Response Plan
A step-by-step guide on what to do during a cyber incident.
Intrusion Detection System (IDS)
A tool that watches for bad activity and sends alerts but doesn’t stop it.
Intrusion Prevention System (IPS)
A tool that watches for and also blocks bad activity.
National Institute of Standards and Technology (NIST) Incident Response Lifecycle
A 4-step plan for handling cyber incidents: Prepare, Detect, Respond, and Learn.
Playbook
A guide that tells you exactly how to handle certain tasks or incidents.
Security Information and Event Management (SIEM)
A tool that collects and checks logs to find and alert on threats.
Security Operations Center (SOC)
A team that watches over a company’s networks and devices for cyber threats.
Security Orchestration, Automation, and Response (SOAR)
A system that uses automation to help security teams respond to incidents faster.
True Negative
Nothing bad happened, and the system didn’t alert—just like it should.
True Positive
A real threat was detected correctly by the system.
