Plain-English definitions of the operations terms that recur in CySA+ study. Simplified for learning; CompTIA’s objectives are authoritative.
| Term | Definition |
|---|---|
| SIEM | Security Information and Event Management: a platform that collects logs from many sources, normalises and correlates them, and raises alerts on suspicious patterns. |
| SOC | Security Operations Centre: the team (and facility) that monitors alerts and responds to incidents. |
| IoC | Indicator of Compromise: an observable artefact (file hash, IP address, domain, registry key, log pattern) whose presence suggests a system has been compromised. |
| TTP | Tactics, Techniques and Procedures: how an attacker operates, from overall goals (tactics) down to the specific tools and steps (procedures). Behaviour is harder for an attacker to change than an IP or a hash, so TTPs are more durable detection material than IoCs. |
| Threat intelligence | Information about threats (actors, TTPs, IoCs, campaigns) used to inform detection and defence. |
| Baseline | A profile of normal activity (typical users, hosts, traffic volumes, login times) against which deviations are flagged as anomalies. |
| False positive | An alert that, on investigation, turns out not to be a real threat. Its counterpart, a false negative, is a real threat that produced no alert. |
| CVSS | Common Vulnerability Scoring System: a standard for rating vulnerability severity on a 0.0–10.0 scale from metrics such as attack vector, complexity and impact. |
| CVE | Common Vulnerabilities and Exposures: a catalogue that assigns a unique identifier (CVE-year-number) to each publicly disclosed vulnerability. |
| Vulnerability scan | An automated check of hosts or applications against a database of known weaknesses and misconfigurations; it finds known issues only, not novel ones. |
| Prioritisation | Ranking vulnerabilities by real-world risk (exploitability, exposure, asset criticality), not just CVSS score. |
| Incident response | The organised approach to handling a security incident, from preparation through detection, containment, eradication, recovery and lessons learned. |
| Containment | Steps to limit an incident's spread, such as isolating affected hosts or disabling compromised accounts, while preserving evidence. |
| Eradication | Removing the root cause and all attacker artefacts (malware, persistence mechanisms, rogue accounts) from affected systems. |
| Chain of custody | A documented, unbroken record of who handled evidence, when and how, so that it remains admissible. |
| MTTD | Mean Time To Detect: the average time between an incident starting and its being detected. |
| MTTR | Mean Time To Respond: the average time from detection to resolution. The R is also expanded as Repair, Recover or Remediate depending on the source, so check the context. |
| SOAR | Security Orchestration, Automation and Response: a platform that connects security tools and runs playbooks automatically to speed up triage and response. |
| Playbook | A predefined, repeatable set of response steps for a given scenario (for example, a phishing report or a ransomware alert). |
| EDR | Endpoint Detection and Response: agent-based tooling that records endpoint activity (processes, files, network connections) to detect threats and allow remote containment of the host. |
| Threat hunting | Proactively searching, starting from a hypothesis, for threats that evaded automated detection. |
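Several of these terms are easier to see in action than to define. The Python script below is an added example, not part of the original glossary or of any CompTIA material: it runs a toy SIEM-style correlation over a constructed authentication log. All users, events, IP addresses (from RFC 5737 documentation ranges) and the single IoC entry are made up for the example. It builds a per-user baseline from the first three days of events, then applies three rules: an IoC match against the feed, a baseline deviation (a successful login from an IP never seen for that user) and a correlation rule (a burst of failures followed by a success). A triage step groups alerts per source so that the lone low-severity hit stands out as a likely false positive, and a final function measures detection latency per rule, which is the quantity averaged across incidents to obtain MTTD.

```python
"""Toy SIEM correlation: baseline, IoC match, correlation rule, triage and MTTD.

Everything here is constructed for the example; no real logs or IoCs are used.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IoC feed: source IPs a threat-intel feed has flagged as malicious.
IOC_IPS = {"198.51.100.23"}

# Constructed authentication log: (timestamp, user, source_ip, outcome).
EVENTS = [
    ("2024-05-01T08:00:00", "alice", "192.0.2.10", "success"),
    ("2024-05-01T08:05:00", "bob",   "192.0.2.11", "success"),
    ("2024-05-02T08:01:00", "alice", "192.0.2.10", "success"),
    ("2024-05-02T08:07:00", "bob",   "192.0.2.11", "success"),
    ("2024-05-03T08:02:00", "alice", "192.0.2.10", "success"),
    ("2024-05-03T08:04:00", "bob",   "192.0.2.11", "success"),
    # Day 4, 02:10: five failures then a success for bob from the IoC-listed IP.
    ("2024-05-04T02:10:00", "bob",   "198.51.100.23", "failure"),
    ("2024-05-04T02:10:05", "bob",   "198.51.100.23", "failure"),
    ("2024-05-04T02:10:10", "bob",   "198.51.100.23", "failure"),
    ("2024-05-04T02:10:15", "bob",   "198.51.100.23", "failure"),
    ("2024-05-04T02:10:20", "bob",   "198.51.100.23", "failure"),
    ("2024-05-04T02:10:25", "bob",   "198.51.100.23", "success"),
    # Day 4, 08:03: alice signs in from a new but (in this scenario) legitimate address.
    ("2024-05-04T08:03:00", "alice", "192.0.2.40", "success"),
]

BASELINE_CUTOFF = datetime(2024, 5, 4)  # events before this date train the baseline
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def build_baseline(events, cutoff):
    """Baseline: the set of source IPs each user successfully logged in from before `cutoff`."""
    seen = defaultdict(set)
    for ts, user, ip, outcome in events:
        if datetime.fromisoformat(ts) < cutoff and outcome == "success":
            seen[user].add(ip)
    return dict(seen)


def correlate(events, baseline, ioc_ips, fail_threshold=5, window=timedelta(minutes=1)):
    """Apply three rules to the events in order and return the alerts raised."""
    alerts = []
    failures = defaultdict(list)  # (user, ip) -> timestamps of failures not yet followed by a success
    ioc_seen = set()              # de-duplicate IoC hits per (user, ip)
    for ts, user, ip, outcome in events:
        t = datetime.fromisoformat(ts)
        # Rule 1: IoC match. Cheap and precise, but only catches what the feed already knows.
        if ip in ioc_ips and (user, ip) not in ioc_seen:
            ioc_seen.add((user, ip))
            alerts.append({"rule": "ioc-match", "severity": "high", "user": user, "ip": ip, "ts": ts})
        if outcome == "failure":
            failures[(user, ip)].append(t)
            continue
        # Rule 2: baseline deviation. Weak evidence on its own, so low severity.
        # Users absent from the baseline are not flagged; they have no "normal" yet.
        if user in baseline and ip not in baseline[user]:
            alerts.append({"rule": "new-source-ip", "severity": "low", "user": user, "ip": ip, "ts": ts})
        # Rule 3: correlation. `fail_threshold` failures inside `window`, then a success.
        recent = [f for f in failures[(user, ip)] if t - f <= window]
        if len(recent) >= fail_threshold:
            alerts.append({"rule": "brute-force-then-success", "severity": "critical",
                           "user": user, "ip": ip, "ts": ts})
        failures[(user, ip)].clear()
    return alerts


def triage(alerts):
    """Group alerts by (user, ip) and keep the highest severity and the rules that fired.
    A group with a single low-severity rule is the usual false-positive candidate."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["user"], a["ip"])].append(a)
    return {key: {"severity": max(g, key=lambda a: SEVERITY_RANK[a["severity"]])["severity"],
                  "rules": sorted({a["rule"] for a in g})}
            for key, g in groups.items()}


def detection_latency_seconds(events, alerts, ip):
    """Seconds from the first event seen from `ip` to the first alert each rule raised about it.
    Averaging this figure over many incidents is what produces MTTD."""
    first_event = min(datetime.fromisoformat(ts) for ts, _, e_ip, _ in events if e_ip == ip)
    latency = {}
    for a in alerts:
        if a["ip"] == ip and a["rule"] not in latency:
            latency[a["rule"]] = (datetime.fromisoformat(a["ts"]) - first_event).total_seconds()
    return latency


if __name__ == "__main__":
    baseline = build_baseline(EVENTS, BASELINE_CUTOFF)
    found = correlate(EVENTS, baseline, IOC_IPS)
    for a in found:
        print(f"{a['ts']} {a['severity']:8} {a['rule']:26} {a['user']}@{a['ip']}")
    print(triage(found))
    print(detection_latency_seconds(EVENTS, found, "198.51.100.23"))
```

Running it shows why the glossary pairs these terms: the IoC rule fires at the attacker's first event (latency 0 s) because the feed already knew the address, while the behavioural rules only fire 25 s later when the pattern completes, and alice's new office IP produces a single low-severity alert that an analyst would close as a false positive after a quick check.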