Incident response lifecycle

The incident response lifecycle is the structured set of phases — preparation, detection and analysis, containment, eradication, recovery, and lessons learned — for handling security incidents. CySA+ covers it in the incident-response domain.

All CS0-003 Terms

SIEM

SIEM (Security Information and Event Management) is a platform that aggregates and correlates log and event data to detect and investigate threats.

SOAR

SOAR (Security Orchestration, Automation, and Response) is technology that automates and coordinates security workflows and incident response.

EDR

EDR (Endpoint Detection and Response) is a tool that continuously monitors endpoints to detect, investigate, and respond to threats.

MITRE ATT&CK

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations.

Cyber Kill Chain

The Cyber Kill Chain is a model that describes the stages of a cyberattack from reconnaissance through actions on objectives.

Threat hunting

Threat hunting is the proactive search for threats that have evaded existing security controls.

Indicator of compromise

An indicator of compromise (IoC) is an artifact — such as a suspicious IP, file hash, or domain — that suggests a security breach.

CVSS

CVSS (Common Vulnerability Scoring System) is a standard for rating the severity of vulnerabilities on a 0–10 scale.

Vulnerability scanning

Vulnerability scanning is the automated process of identifying security weaknesses in systems and applications.

False positive

A false positive is a reported finding that is not actually a real vulnerability or threat.

Incident response lifecycle

The incident response lifecycle is the structured set of phases — preparation, detection and analysis, containment, eradication, recovery, and lessons learned — for handling security incidents.

Playbook

A playbook is a documented, repeatable procedure for responding to a specific type of security incident.

Root cause analysis

Root cause analysis is the post-incident process of determining the underlying cause of an incident to prevent recurrence.