Bài tập Tabletop
A discussion-based incident response simulation where team members review and role-play their actions and decisions for hypothetical security scenarios.
View termCategories
SOC
Browse SOC terms for cybersecurity professionals.
Languages
Báo cáo Sự cố
The formal process of documenting and communicating the details of a cybersecurity incident to relevant stakeholders, regulatory authorities, or partners, as required by legal, regulatory, or contractual obligations (see NIST SP 800-61 and ENISA guidelines).
View termBáo cáo sự cố
The formal communication process for notifying internal or external authorities about detected security incidents, as required by organizational policy, regulatory, or contractual obligations.
View termBảo Toàn Bằng Chứng
The controlled process of securing, documenting, and protecting digital or physical evidence to maintain integrity for internal review or legal proceedings.
View termChiến lược ngăn chặn
A set of planned actions and measures taken to limit the spread and impact of a cybersecurity incident, preventing further damage or lateral movement within the environment.
View termChuyển cấp sự cố
The formal process of transferring a detected security incident to higher-level personnel or specialized teams for further analysis, response, or decision-making.
View termChuyển cấp vụ việc
The process of transferring a security incident or case to a higher-level team or authority due to severity, complexity, or policy requirements.
View termChuỗi bảo quản chứng cứ
A formal process documenting the chronological handling, transfer, and control of digital evidence, ensuring its integrity and admissibility in legal or regulatory proceedings.
View termCách ly máy chủ
The process of removing a compromised or suspicious host from the network to prevent lateral movement and further compromise while incident investigation and remediation are performed.
View termCảnh Báo An Ninh
Automated or manual notification process by which a security system or analyst informs relevant personnel of detected suspicious activity or confirmed incidents in real time.
View termDanh sách kiểm soát truy cập
A table or data structure used to specify permissions attached to system objects, defining which users or processes are granted access to objects and operations.
View termDòng thời gian sự cố
A detailed chronological record of all events, actions, and system states related to a security incident, used for investigation, reporting, and post-incident review.
View termGhi Nhật Sự Cố
The systematic recording of incident details, timelines, actions taken, and outcomes to ensure transparency, facilitate analysis, and support compliance requirements.
View termGiao Tiếp Sự Cố
The timely and coordinated exchange of information about an incident’s status, impact, and response among internal teams, stakeholders, and, where required, external parties.
View termGiám sát an ninh
Continuous observation, collection, and analysis of security events and data across information systems to detect threats, policy violations, or anomalous activities as part of organizational risk management.
View termGiám định số
The discipline of identifying, preserving, analyzing, and documenting digital evidence from electronic devices to support incident response, legal processes, or internal investigations.
View termGiảm Nhẹ Sự Cố
Targeted actions taken to reduce the immediate and long-term impact of a security incident, including containment, eradication, and recovery measures.
View termGán mối đe dọa
Threat Attribution is the analytical process of linking a detected cyber threat, campaign, or incident to a specific actor, group, or nation-state, based on technical indicators, tactics, infrastructure, and intelligence sources. Essential in cyber threat intelligence and legal proceedings.
View termHoạt động An ninh
All coordinated activities performed in a Security Operations Center (SOC) to monitor, detect, investigate, and respond to cybersecurity threats in real time. This includes proactive defense, continuous monitoring, incident handling, and threat intelligence integration, as described in NIST SP 800-137 and ISO/IEC 27035.
View termHành động khắc phục
Steps taken to eliminate the cause of a detected security incident, restore affected systems, and strengthen defenses to prevent recurrence.
View termKhôi phục sự cố
The coordinated set of actions taken to restore systems, operations, and services to normal functioning after a security incident, minimizing impact and ensuring business continuity.
View termKhả năng phát hiện
Detection Capability is the measure of an organization's ability to identify and recognize cyber threats, malicious activities, and security incidents in a timely and accurate manner using technical and procedural controls.
View termKiến trúc Zero Trust
A security model that assumes no implicit trust is granted to systems or users inside or outside the network; verification is required for every access request.
View termKiểm soát phần mềm độc hại
Malware Containment is the set of actions and controls enacted to isolate and prevent the spread of malicious software within an organization’s systems, often as part of the incident response lifecycle.
View termKiểm soát sự cố
The actions taken to limit the impact of a security incident by isolating affected systems, preventing lateral movement, and preserving evidence for investigation.
View termKế hoạch khắc phục
A documented set of actions designed to eliminate the root cause and effects of a security incident, restore affected systems, and reduce the risk of recurrence.
View termKế hoạch ứng phó
A documented strategy outlining procedures, roles, responsibilities, and communications for responding to cybersecurity incidents.
View termKỹ thuật phát hiện
The discipline of designing, implementing, and tuning security monitoring rules, analytics, and automation to identify threats with accuracy and minimal false positives.
View termLeo thang đặc quyền
An attack or exploit in which a user or application gains higher access rights or privileges than intended by system policy.
View termLàm giàu cảnh báo
The process of adding contextual information to security alerts, such as asset details, user context, or threat intelligence, to improve investigation and response efficiency.
View termLưu trữ nhật ký
The process and policy of securely retaining security event and audit logs for a defined period to ensure availability for investigations, compliance, and forensic analysis.
View termMô Hình Mối Đe Dọa
A structured process for identifying, prioritizing, and evaluating potential threats and vulnerabilities to an organization’s information systems to guide security controls design and risk mitigation strategies.
View termMô phỏng tấn công
A controlled emulation of cyberattacks against systems, networks, or people to assess security posture, validate defenses, and improve response capabilities.
View termMô phỏng đối thủ
The simulation of real-world attacker behaviors and techniques in a controlled environment to test and improve detection and response capabilities.
View termMô phỏng đối thủ
Adversary Simulation is a controlled security exercise that emulates realistic cyber attacks by mimicking the tactics, techniques, and procedures (TTPs) of threat actors to assess organizational detection, prevention, and response capabilities.
View termMệt mỏi cảnh báo
Alert Fatigue is a condition in which security analysts become desensitized or overwhelmed due to excessive or repetitive alerts, potentially resulting in missed detections or slower response in a SOC environment.
View termNguyên nhân gốc rễ
The fundamental underlying reason or origin of a security incident, breach, or operational failure, identified through structured analysis to inform remediation and prevent recurrence.
View termNgăn chặn cảnh báo
The intentional filtering or silencing of specific security alerts to reduce noise from false positives and allow focus on actionable incidents.
View termNâng Cấp Cảnh Báo
The process of forwarding a security alert to higher-level analysts or decision makers when the event exceeds the current responder’s authority or capacity.
View termPhát hiện bất thường
Anomaly Detection is the process of identifying unusual patterns, events, or activities in datasets, logs, or network traffic that may indicate a security incident, compromise, or operational risk, utilizing baselines and advanced algorithms. Used in SOCs for early warning and threat detection.
View termPhát hiện Sự cố
The process of identifying potential or actual security incidents in an IT environment by monitoring logs, events, and network activity, using automated tools and manual analysis, as described in NIST SP 800-61, ISO/IEC 27035, and SANS guidelines.
View termPhân loại Cảnh báo
The systematic process of evaluating, prioritizing, and categorizing security alerts based on severity, credibility, and potential impact, enabling efficient resource allocation and rapid incident detection within a SOC, as described in NIST SP 800-61 and MITRE ATT&CK®.
View termPhân loại sự cố
Incident Categorization is the process of classifying security events or incidents based on type, severity, impact, and urgency to ensure standardized response procedures and accurate reporting within security operations.
View termPhân loại sự kiện
The process of rapidly classifying, prioritizing, and assigning security events for investigation based on impact, severity, and business risk.
View termPhân tích an ninh
Security Analytics refers to the use of advanced data analysis techniques, including machine learning and statistical models, to aggregate, process, and interpret large volumes of security event data for detecting threats, prioritizing alerts, and supporting incident response.
View termPhân tích mối đe dọa
Threat Analysis is the systematic evaluation of potential and actual cyber threats by assessing threat actor capabilities, intent, attack vectors, and potential impact to prioritize mitigation and inform security strategy.
View termPhân tích nhật ký
The process of examining and interpreting system, application, and security logs to detect, investigate, and respond to security events and operational issues. Used extensively in SOCs for threat hunting, compliance, and forensic investigations.
View termPhân tích Pháp y
The scientific examination and investigation of digital devices, logs, or data to identify, collect, preserve, and analyze evidence related to security incidents, enabling root-cause determination and supporting legal or disciplinary action, as described in NIST SP 800-86 and ISO/IEC 27037.
View termPhân tích pháp y
The application of specialized techniques to collect, preserve, and analyze digital evidence from information systems following a security incident.
View termPhân tích phần mềm độc hại
The process of examining malicious software to understand its behavior, intent, origin, and potential impact on affected systems.
View termPhân Tích Sự Cố
The comprehensive examination and assessment of a security incident to determine its cause, scope, impact, and lessons learned for continuous improvement.
View termPhân đoạn mạng
The practice of dividing a computer network into subnetworks, each being a network segment, to improve security, performance, and manageability by restricting lateral movement.
View termPhản Ứng An Ninh
Coordinated activities by security personnel to mitigate, contain, and resolve identified threats or incidents in accordance with organizational protocols.
View termPhản ứng lừa đảo
Coordinated actions taken to detect, contain, and mitigate phishing attacks, including user notification, credential reset, and blocking malicious domains.
View termPhối hợp ứng phó
The structured management and collaboration among teams and stakeholders to ensure efficient containment, eradication, and recovery from a cybersecurity incident.
View termPlaybook An ninh
A documented set of repeatable incident response procedures and decision trees tailored to specific threat scenarios or alerts.
View termQuy trình khắc phục
Remediation Workflow is a structured, documented process for addressing and resolving identified security issues or incidents, encompassing investigation, mitigation, validation, and post-incident review steps within security operations.
View termQuy trình sự cố
A structured sequence of tasks and escalation steps followed during the lifecycle of a security incident, from detection through resolution and post-incident review.
View termQuy trình điều tra
A structured series of analytical steps undertaken by security teams to determine the scope, cause, and impact of a cybersecurity incident, using forensic techniques and available evidence.
View termQuy Trình Ứng Phó
A formalized, step-by-step sequence of procedures and roles that guide the incident response process from detection through resolution in accordance with established policies.
View termQuản lý khủng hoảng
Coordinated organizational actions and communication aimed at containing, resolving, and recovering from severe security incidents or disruptions to minimize operational and reputational damage.
View termQuản Lý Sự Cố
A coordinated set of processes and tools for identifying, assessing, responding to, tracking, and resolving security incidents to minimize business impact, ensure compliance, and enable post-incident analysis in accordance with established policies and standards (ref: NIST SP 800-61, ISO/IEC 27035).
View termQuản lý Trường hợp
The process of documenting, tracking, and resolving security incidents or investigations within a structured platform, ensuring workflow accountability, auditability, and collaboration among SOC or IR teams, as defined in NIST SP 800-61 and industry playbooks.
View termSăn lùng mối đe dọa
A proactive and iterative search through networks, endpoints, and datasets to detect and isolate advanced threats that evade automated security solutions.
View termSẵn sàng ứng phó
The state of preparedness of personnel, processes, and technology to quickly and effectively respond to cybersecurity incidents.
View termSẵn Sàng Ứng Phó Sự Cố
The proactive state of an organization’s people, processes, and technology to efficiently detect, respond to, and recover from security incidents in accordance with pre-established plans.
View termTheo Dõi Sự Cố
The systematic process of recording, updating, and monitoring security incidents throughout their lifecycle to ensure accountability, compliance, and timely resolution.
View termThu thập bằng chứng
The systematic process of gathering digital artifacts, logs, devices, or other data relevant to a security incident, following forensic best practices to preserve integrity.
View termThông Báo An Ninh
The formal process of communicating significant security events or incident statuses to designated stakeholders or regulatory bodies, ensuring transparency and compliance.
View termThông Báo Mối Đe Dọa
Official communication to stakeholders regarding the discovery or presence of a specific cyber threat, often required by regulations or internal policy.
View termThông báo sự cố
The act of formally informing stakeholders, management, or regulatory bodies about a detected or ongoing security incident in accordance with established policies.
View termThông báo vi phạm
The formal process of informing affected parties, regulators, and other stakeholders about a confirmed data breach, in accordance with legal and contractual obligations.
View termTiêm tiến trình
A technique used by attackers or legitimate tools to inject code into the address space of another process, enabling code execution within the context of a target process, often to evade detection or escalate privileges.
View termTài Liệu Cảnh Báo
The detailed recording of all relevant information about a security alert, including source, analysis, actions, and outcomes, to support accountability and future reference.
View termTài liệu sự cố
The detailed and systematic recording of all relevant information, actions, decisions, and evidence related to a cybersecurity incident throughout its lifecycle.
View termTình báo Mối đe dọa
Evidence-based knowledge about existing and emerging threats, derived from analysis of indicators, adversary behavior, and context, which is used to inform defense strategies and enable proactive mitigation, as described in NIST SP 800-150, MITRE ATT&CK, and ISO/IEC 27002.
View termTương quan cảnh báo
Alert Correlation is the process of analyzing and linking related security alerts from different sources or systems to identify complex threats, reduce false positives, and streamline incident response.
View termTương Quan Mối Đe Dọa
The analytical process of aggregating and comparing multiple data points from diverse sources to identify relationships or patterns that indicate a sophisticated cyber threat.
View termTương quan sự kiện
The process of analyzing and combining related security events from multiple sources to identify patterns indicative of incidents or attacks.
View termTổng hợp nhật ký
Log Aggregation is the process of collecting and centralizing logs from diverse systems, applications, and devices into a unified repository for correlation, analysis, and compliance within security operations.
View termTự động hóa bảo mật
Security Automation is the application of technology to perform repetitive or time-sensitive security operations tasks—such as detection, response, and remediation—without human intervention, typically using SOAR or automated scripting.
View termTự động hóa Playbook
The automated execution of predefined incident response actions and workflows using orchestration tools, reducing manual intervention and response time in SOC operations.
View termVi Phạm Chính Sách An Ninh
Any action or event that contravenes an established information security policy or standard, triggering investigation or response according to compliance protocols.
View termViễn trắc bảo mật
Security Telemetry refers to the automated collection, transmission, and aggregation of security-relevant data—such as logs, metrics, events, and alerts—from endpoints, networks, and cloud systems to enable real-time monitoring and analysis.
View termVòng Đời Cảnh Báo
The sequence of phases that a security alert undergoes, from initial detection and triage through investigation, escalation, response, resolution, and closure.
View termXác Thực Cảnh Báo
The process of verifying whether a security alert is genuine, actionable, and relevant, typically by correlating with additional telemetry or threat intelligence to reduce false positives before escalation.
View termXử lý Sự cố
A structured set of procedures used by security teams to address, manage, and resolve cybersecurity incidents, including containment, eradication, and recovery, following official frameworks such as NIST SP 800-61 and ISO/IEC 27035.
View termXử lý sự cố
The comprehensive process of managing a cybersecurity incident from initial detection through analysis, containment, eradication, recovery, and post-incident review.
View termĐiều phối an ninh
The automated coordination and integration of security tools, processes, and workflows to accelerate response and improve operational efficiency in security operations centers.
View termĐiều phối phản ứng
Response Coordination is the organized management of communication, task allocation, and resource deployment among stakeholders during a cybersecurity incident to ensure effective mitigation and timely resolution.
View termĐiều tra cảnh báo
The process of analyzing and validating security alerts to determine their legitimacy, scope, and required response actions.
View termĐiều Tra Cảnh Báo
The structured process of examining the source, context, and impact of a security alert to determine its validity, root cause, and next response steps.
View termĐiều tra sự cố
A systematic process of collecting, analyzing, and documenting evidence to determine the cause, impact, and scope of a security incident.
View termĐánh giá mối đe dọa
A structured process for identifying, analyzing, and prioritizing potential threats to an organization's assets, operations, or information based on current intelligence and risk posture.
View termĐánh Giá Sự Cố
A structured post-incident process for evaluating the effectiveness of detection, response, and recovery measures to identify lessons learned and update procedures.
View termĐánh giá xâm nhập
Compromise Assessment is the comprehensive evaluation of an organization’s systems, networks, and data to identify evidence of past or ongoing security breaches or unauthorized access, often leveraging threat hunting techniques.
View termĐóng sự cố
The formal completion and documentation of all response activities for a security incident, ensuring lessons learned and post-incident reviews are recorded before closing the case.
View termƯu tiên cảnh báo
The process of ranking and categorizing security alerts based on risk, relevance, and organizational impact, to enable efficient triage and response by SOC analysts.
View termƯu Tiên Sự Cố
The classification and ranking of security incidents based on risk, severity, and potential business impact to determine response order and resource allocation.
View termỨng phó Sự cố
A coordinated approach to addressing and managing the aftermath of a security breach or cyberattack, with the aim of limiting damage, reducing recovery time and costs, and preventing future incidents. Involves predefined processes for detection, containment, eradication, and recovery, as formalized in NIST SP 800-61 and ISO/IEC 27035.
View term