🗣️Terminology
This page describes basic cybersecurity terminology.
Event: Any observable occurrence involving computing assets, including physical and virtual platforms, networks, services and cloud environments.
Incident: An occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies. [FISMA2014]
Incident Response: The remediation or mitigation of violations of security policies and recommended practices.
Adverse Cybersecurity Event: Any event with a potentially negative impact on cybersecurity.
Cyber Threat Intelligence : Cyber threat information that has been aggregated, transformed, analyzed or enriched to provide the necessary context for decision-making processes.
Indicators of Compromise (IOC): Technical artifacts or observables that suggest that an attack is imminent or is currently underway, or that a compromise may have already occurred.
TTP: Tactics, Techniques, Procedures. The behaviour of an actor. A tactic is the highest-level description of this behaviour, while techniques give a more detailed description of behaviour in the context of a tactic, and procedures an even lower-level, highly detailed description in the context of a technique.
Threat: Any circumstance or event with the potential to adversely impact organisational operations (including mission, functions, image or reputation), organisational assets, individuals, other organisations or the nation through an information system via unauthorised access, destruction, disclosure or modification of information and/or denial of service.
Vulnerability: A weakness in a system, system security procedures, internal controls or implementation by which an actor or event may intentionally exploit or accidentally trigger the weakness to access, modify or disrupt the normal operations of a system, resulting in a security incident or violation of the system's security policy.