Cybersecurity Category
Incident Response
Terms used during cyber incidents, containment, investigation, recovery, and handover.
containment
Steps taken to stop an incident from spreading or causing more damage.
evidence preservation
Keeping emails, logs, files, screenshots, and timelines useful for investigation.
incident response
The structured process of containing, investigating, and recovering from a cyber incident.
indicators of compromise
Clues such as unusual logins, files, or settings that may point to compromise.
lessons learned
Practical improvements identified after an incident or near miss.
recovery in incident response
Restoring safe business operations after containment and investigation.
root cause analysis
Finding the underlying reason an incident happened so it can be fixed properly.
timeline analysis
Arranging events in order to understand how an incident started and developed.