CompTIA Cyber Security Analyst (CS0-003) glossary
Terms selected for CompTIA Cyber Security Analyst (CS0-003) based on common objective language and practice focus.
Incident Response
Structured process for preparing for, detecting and analyzing, containing, eradicating and recovering from security incidents, followed by a post-incident review that captures lessons learned (the lifecycle described in NIST SP 800-61).
Metrics
Quantitative measurements, typically numeric time series, used to monitor system behavior and performance (for example, authentication failures per minute or message queue depth).
Observability
Ability to infer a system's internal state from the telemetry it emits, chiefly logs, metrics and traces; a prerequisite for detection, since what is never recorded cannot be investigated.
Syslog
Standardized logging protocol for sending event messages from hosts and network devices to centralized collectors. Two message formats are in use, the legacy BSD format (RFC 3164) and the structured format of RFC 5424, and every message carries a priority value that encodes facility and severity. The traditional transport is UDP port 514, which offers no delivery guarantee, sender authentication or confidentiality; TCP or TLS (RFC 5425) transports are preferred for security logging.
Baselining
Establishing what normal system or network behavior looks like (traffic volumes, logon times, running processes, account activity) as the reference against which anomalies are measured. Baselines must be refreshed as the environment changes and should be built from periods believed to be free of compromise, or attacker activity becomes part of "normal".
Chain of Custody
Documented, unbroken record of who collected, handled, transferred and stored evidence, when and why, from collection through analysis to presentation. Gaps or unexplained changes (for example, an image whose hash no longer matches the acquisition hash) can render the evidence inadmissible.
Forensic Imaging
Creating a bit-for-bit copy of storage media, including unallocated space, so that analysis is performed on the copy and the original is never examined directly. The source is attached through a write blocker, and the image is verified against a cryptographic hash of the source and re-verified before each analysis session.
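The following added example (not from the glossary page) ties the two entries above together: it hashes a "device" while copying it, verifies the image against the acquisition hashes, and keeps a custody log whose entries can be checked for an unbroken chain. Real acquisition uses a hardware write blocker and an imaging tool such as dd, dc3dd, FTK Imager or Guymager; here the device is a constructed byte string so that the verification logic runs offline, and the evidence tag and analyst names are made up.

```python
"""Hash-verified forensic imaging with a chain-of-custody record.

Added example, not from the glossary page. Real acquisition uses a hardware
write blocker and an imaging tool (dd, dc3dd, FTK Imager, Guymager); here the
"device" is a constructed byte string so the verification logic runs offline.
"""
import hashlib
from datetime import datetime, timezone

CHUNK = 64 * 1024  # read size; real media is hashed in chunks, never loaded whole


def hash_stream(data: bytes, algorithms=("sha256", "md5")) -> dict:
    """Compute several digests in a single pass over the media."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for offset in range(0, len(data), CHUNK):
        block = data[offset:offset + CHUNK]
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquire_image(source: bytes) -> tuple[bytes, dict]:
    """Copy every byte of the source and return the image plus the source digests."""
    image = bytes(source)            # bit-for-bit copy, including "unallocated" bytes
    digests = hash_stream(source)    # acquisition hash is taken from the original
    return image, digests


def verify_image(image: bytes, expected: dict) -> bool:
    """True only if every recorded digest still matches the image."""
    return hash_stream(image, tuple(expected)) == expected


class CustodyLog:
    """Append-only record: who did what with the evidence, when, and its hash at that moment."""

    def __init__(self, evidence_id: str):
        self.evidence_id = evidence_id
        self.entries = []

    def record(self, actor: str, action: str, sha256: str, when=None):
        when = when or datetime.now(timezone.utc)
        self.entries.append({"evidence": self.evidence_id, "actor": actor,
                             "action": action, "sha256": sha256,
                             "time": when.isoformat(timespec="seconds")})

    def unbroken(self) -> bool:
        """The chain is intact only if the recorded hash never changed between entries."""
        hashes = {e["sha256"] for e in self.entries}
        return len(self.entries) > 0 and len(hashes) == 1


# Constructed "disk": a fake partition header, a file and some zeroed slack space.
DEVICE = b"FAKEFS\x00\x01" + b"invoice.pdf contents " * 4000 + b"\x00" * 1024


def demo():
    """Acquire, verify, then show how a single flipped byte breaks the chain."""
    image, digests = acquire_image(DEVICE)
    log = CustodyLog("EV-2024-0001")   # hypothetical evidence tag
    log.record("analyst.a", "acquired image via write blocker", digests["sha256"])
    ok = verify_image(image, digests)
    log.record("analyst.a", "verified image", hash_stream(image)["sha256"])
    # Simulate one flipped byte in the working copy, e.g. an accidental read-write mount.
    tampered = bytearray(image)
    tampered[100] ^= 0x01
    tampered_ok = verify_image(bytes(tampered), digests)
    log.record("analyst.b", "verified before analysis", hash_stream(bytes(tampered))["sha256"])
    return ok, tampered_ok, log


if __name__ == "__main__":
    ok, tampered_ok, log = demo()
    print("original verified:", ok, "| tampered verified:", tampered_ok,
          "| chain unbroken:", log.unbroken())
```

MD5 is still recorded by many imaging tools alongside SHA-256 for compatibility with older case files; it is adequate for detecting accidental change but not for proving that nobody substituted a crafted image, so SHA-256 (or stronger) should be the hash the custody record relies on.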
MITRE ATT&CK
Publicly available knowledge base of adversary tactics (the goals of an intrusion step) and techniques (how those goals are achieved) observed in real intrusions, with procedure examples, detection ideas and mitigations; used to map detections, threat intelligence and coverage gaps to a common vocabulary.
SIEM
Security Information and Event Management: platform that aggregates, normalizes and correlates log and event data from many sources, supports search and alerting, and retains records for investigation and compliance.
Threat Hunting
Proactive, hypothesis-driven search for adversary activity that existing automated detection has not alerted on, typically starting from intelligence about TTPs or from anomalies against baselined data.
Vulnerability Scanning
Automated assessment that identifies known weaknesses (missing patches, misconfigurations, weak settings) in systems and software by probing exposed services or inspecting hosts with credentials. Credentialed scans see far more than unauthenticated ones, and all scan findings need validation for false positives before they drive remediation.
Attack Surface
Total set of points where an unauthorized party could try to enter data into, extract data from, or otherwise compromise a system: exposed services and APIs, accounts, third-party integrations, and physical access paths.
Business Email Compromise (BEC)
Social engineering fraud in which attackers impersonate executives, vendors or other trusted parties by email, often from a spoofed or compromised account, to induce wire transfers, payroll changes or data disclosure; it typically involves no malware, so payload-based controls do not catch it.
Containment
Incident response phase focused on limiting attacker movement and damage, for example by isolating hosts, disabling accounts or blocking network indicators, while preserving evidence. Short-term containment stops the immediate harm; long-term containment keeps systems usable until eradication is complete.
Correlation Rule
SIEM logic that links multiple events, often across sources and within a time window, to detect a suspicious pattern that no single event reveals (for example, many failed logons followed by a success from the same source).
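As an added example of the correlation logic described above (not from the glossary page), the code below implements the "many failures then a success" rule over constructed OpenSSH authentication lines. A production rule would be written in the SIEM's own query language or as a Sigma rule; only the logic is shown here. The log lines, hostnames and user names are made up, and the IP addresses come from the documentation ranges reserved by RFC 5737.

```python
"""Correlation rule: N failed SSH logons followed by a success from the same source.

Added example, not from the glossary page. The auth log lines are constructed
(RFC 5737 documentation IPs, made-up users); the rule logic is what matters.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
YEAR = 2024  # classic syslog timestamps carry no year; assumed for the sample


def parse_auth(line: str):
    """Return a dict for an sshd success/failure line, or None for anything else."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": ts, "host": m["host"], "result": m["result"],
            "method": m["method"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce_success(lines, threshold=5, window_s=60):
    """Alert when >= threshold failures from one IP inside window_s precede a success."""
    events = [e for e in map(parse_auth, lines) if e]
    events.sort(key=lambda e: e["time"])
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerts = []
    for e in events:
        q = failures[e["ip"]]
        # Drop failures that have fallen out of the sliding window.
        while q and (e["time"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if e["result"] == "Failed":
            q.append(e["time"])
        elif len(q) >= threshold:
            alerts.append({"rule": "ssh_bruteforce_then_success", "ip": e["ip"],
                           "user": e["user"], "host": e["host"],
                           "failures": len(q), "time": e["time"]})
            q.clear()   # one alert per burst, not one per later success
    return alerts


# Constructed sample: a benign typo, a brute force that succeeds, and a slow
# set of failures whose eventual success falls outside the window.
SAMPLE_LOG = """\
Mar  4 10:14:50 bastion01 sshd[2201]: Failed password for alice from 198.51.100.7 port 40011 ssh2
Mar  4 10:14:58 bastion01 sshd[2201]: Accepted publickey for alice from 198.51.100.7 port 40011 ssh2
Mar  4 10:15:01 bastion01 sshd[2210]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  4 10:15:03 bastion01 sshd[2211]: Failed password for root from 203.0.113.45 port 51023 ssh2
Mar  4 10:15:05 bastion01 sshd[2212]: Failed password for invalid user test from 203.0.113.45 port 51024 ssh2
Mar  4 10:15:08 bastion01 sshd[2213]: Failed password for deploy from 203.0.113.45 port 51025 ssh2
Mar  4 10:15:11 bastion01 sshd[2214]: Failed password for deploy from 203.0.113.45 port 51026 ssh2
Mar  4 10:15:14 bastion01 sshd[2215]: Failed password for deploy from 203.0.113.45 port 51027 ssh2
Mar  4 10:15:20 bastion01 sshd[2290]: Accepted password for deploy from 203.0.113.45 port 51030 ssh2
Mar  4 10:20:00 bastion01 sshd[2301]: Failed password for bob from 192.0.2.9 port 60001 ssh2
Mar  4 10:20:02 bastion01 sshd[2302]: Failed password for bob from 192.0.2.9 port 60002 ssh2
Mar  4 10:20:04 bastion01 sshd[2303]: Failed password for bob from 192.0.2.9 port 60003 ssh2
Mar  4 10:20:06 bastion01 sshd[2304]: Failed password for bob from 192.0.2.9 port 60004 ssh2
Mar  4 10:20:08 bastion01 sshd[2305]: Failed password for bob from 192.0.2.9 port 60005 ssh2
Mar  4 10:25:30 bastion01 sshd[2401]: Accepted publickey for bob from 192.0.2.9 port 60010 ssh2
""".splitlines()

if __name__ == "__main__":
    for a in detect_bruteforce_success(SAMPLE_LOG):
        print(a)
```

Only the second burst fires: six failures inside thirteen seconds and then a password success from the same address. Keying on the source IP is the classic form of this rule; a password spray from many addresses against one account evades it, so a companion rule keyed on the target account (many sources, one user) is normally deployed alongside.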
CVSS
Common Vulnerability Scoring System: open standard for rating the severity of a vulnerability on a 0.0 to 10.0 scale from base metrics (attack vector, attack complexity, privileges required, user interaction, scope, and impact on confidentiality, integrity and availability), optionally adjusted by temporal and environmental metrics. The base score describes intrinsic severity, not organizational risk; prioritization also needs exposure and exploitation data. CVSS v3.1 is the most widely deployed version and v4.0 was published in 2023.
Eradication
Incident response phase in which malicious artifacts and persistence mechanisms (malware, web shells, rogue accounts, scheduled tasks, altered configurations) are removed and the root cause, such as an unpatched vulnerability or exposed credential, is closed so the attacker cannot simply return.
Indicator of Compromise (IOC)
Forensic artifact, such as a file hash, IP address, domain, URL, mutex or registry key, whose presence suggests a system or network has been compromised. Atomic IOCs are cheap for adversaries to change, so they age quickly compared with behavioral indicators.
Security KPI
Key performance indicator that measures the effectiveness of security operations against a target, such as mean time to detect, the percentage of critical vulnerabilities remediated within SLA, or the phishing report rate.
OWASP Testing Guide
The OWASP Web Security Testing Guide (WSTG): methodology and test cases for assessing web applications and services for security weaknesses, organized by area such as authentication, session management, input validation and business logic.
Playbook
Documented, repeatable response procedure for a specific incident type (for example, ransomware, phishing or a lost laptop) that lists steps, decision points, owners and tooling; playbooks are frequently automated through SOAR platforms.
Risk Treatment
Decision on how to handle an identified risk: mitigate it with controls, transfer (share) it through insurance or contracts, avoid the activity that creates it, or accept it with documented approval from the risk owner.
Threat Intelligence
Evidence-based, contextual information about threats, including actors, their motivations, capabilities, infrastructure and TTPs, used to improve detection, prioritization and decision-making. Commonly divided into strategic, operational and tactical levels and judged on timeliness, relevance, accuracy and confidence.
Threat Modeling
Structured process of identifying assets, trust boundaries, threats and attack paths for a system and prioritizing controls against them, performed during design and revisited as the system and its operation change (STRIDE, PASTA and attack trees are common methods).
Triage
Initial analysis of alerts or incidents to validate them, estimate scope and impact, assign severity and decide what to handle first.
TTP
Tactics, techniques and procedures: the goals adversaries pursue, the methods they use to reach them, and the specific implementations observed. TTPs are the most durable level of adversary description, which is why frameworks such as MITRE ATT&CK are organized around them.
Anomaly Detection
Technique that flags values or behaviors deviating from an established baseline or expected pattern, using statistics or machine learning; it can catch novel activity but produces false positives when the baseline is stale or was learned from data that already contained attacker activity.
Behavioral Analytics
Detection approach that identifies suspicious behavior patterns of users, hosts or other entities (as in UEBA) rather than matching static signatures, for example a service account logging on interactively or a user downloading far more data than its peers.
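The Baselining and Anomaly Detection entries describe one technique from two sides, so a single added example (not from the glossary page) covers both: it builds a baseline from four weeks of a host's daily outbound volume and flags new days that deviate from it. The figures are constructed, and one day of the history already holds a spike, which is exactly the case the Baselining entry warns about; a median/MAD baseline absorbs it where a mean/standard-deviation baseline is inflated by it.

```python
"""Baseline-and-deviation anomaly detection with a robust (median/MAD) baseline.

Added example, not from the glossary page. The daily outbound-volume figures
(MB per day for one host over four weeks) are constructed; one day in the
history already contains an outlier to show why the baseline must be robust.
"""
import statistics

# Four weeks of daily egress in MB for a hypothetical host "fs01"; day 27 was a 9 GB spike.
HISTORY_MB = [
    2100, 2200, 2050, 2300, 2150, 2250, 2000, 2100, 2400, 2200, 2150, 2050, 2300, 2250,
    2100, 2350, 2200, 2000, 2150, 2100, 2300, 2250, 2200, 2100, 2050, 2150, 9000, 2200,
]
MAD_SCALE = 1.4826  # makes the MAD comparable to a standard deviation for normal data


def baseline(values):
    """Return (median, MAD): the centre and spread of normal behaviour."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    return med, mad


def robust_z(value, med, mad):
    """Modified z-score: deviation from the median in scaled-MAD units."""
    if mad == 0:
        return float("inf") if value != med else 0.0
    return (value - med) / (MAD_SCALE * mad)


def naive_z(value, values):
    """Mean/stdev z-score, shown for contrast; one spike in the history inflates it."""
    return (value - statistics.mean(values)) / statistics.pstdev(values)


def detect_anomalies(history, observations, threshold=3.5):
    """Flag observations whose modified z-score exceeds the threshold (3.5 is the usual cutoff)."""
    med, mad = baseline(history)
    flagged = []
    for day, value in observations:
        z = robust_z(value, med, mad)
        if z > threshold:
            flagged.append({"day": day, "value_mb": value, "robust_z": round(z, 1)})
    return flagged


# Constructed observations for the current week.
OBSERVATIONS = [("2024-03-04", 2400), ("2024-03-05", 5000), ("2024-03-06", 12000)]

if __name__ == "__main__":
    med, mad = baseline(HISTORY_MB)
    print(f"baseline: median={med} MB, MAD={mad} MB")
    for day, value in OBSERVATIONS:
        print(f"{day} {value:>6} MB  robust z={robust_z(value, med, mad):6.1f}"
              f"  naive z={naive_z(value, HISTORY_MB):5.1f}")
    print("flagged:", detect_anomalies(HISTORY_MB, OBSERVATIONS))
```

The 5,000 MB day is the instructive one: against the median/MAD baseline it sits more than twenty scaled deviations out, while against mean/stdev it is only about two, because the 9,000 MB day in the history has stretched the standard deviation. The same effect, in the other direction, is what makes a baseline learned during an ongoing compromise blind to that compromise. Real deployments also baseline per weekday or hour to account for seasonality, which this single series does not model.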
Confidence Level
Analyst's estimate of how reliable and certain an intelligence assessment or finding is, usually expressed as low, moderate or high and based on source reliability and the amount of corroborating evidence.
Cyber Kill Chain
Lockheed Martin model that describes an intrusion as seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives; disrupting any stage breaks the chain.
Diamond Model of Intrusion Analysis
Framework that describes each intrusion event by four connected features, adversary, capability, infrastructure and victim, so analysts can pivot between them to cluster related activity and support attribution.
Dwell Time
Duration an attacker remains in an environment undetected, from initial compromise to discovery; a key measure of detection effectiveness.
Exposure Window
Time period during which a system remains vulnerable, from when a weakness becomes exploitable (disclosure or exploit availability) until a patch or compensating control is in place.
Forensic Timeline
Chronological reconstruction of security-relevant events from multiple evidence sources (file system metadata, logs, registry, memory), with timestamps normalized to a single time zone so that activity across systems can be sequenced correctly.
Risk Heat Map
Visualization, usually a grid, that plots risks by likelihood and impact so the most severe combinations can be prioritized for treatment.
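The normalization step in the Forensic Timeline entry is where investigations most often go wrong, so here is an added example (not from the glossary page) that merges three constructed records into one UTC-ordered timeline: a syslog line written in host-local time with no offset (the host clock is assumed to be UTC-05:00), a Windows event export that carries its own offset, and a proxy record in Unix epoch seconds. Sources, hostnames and descriptions are made up.

```python
"""Build a forensic timeline by normalizing timestamps from mixed sources to UTC.

Added example, not from the glossary page. The three events and their sources
are constructed: a syslog line in host-local time with no offset (host clock
assumed UTC-05:00), a Windows event export carrying its own offset, and a proxy
record in Unix epoch seconds.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SYSLOG_YEAR = 2024                               # classic syslog timestamps omit the year
SYSLOG_HOST_TZ = timezone(timedelta(hours=-5))   # documented assumption about the host clock


@dataclass
class TimelineEvent:
    utc: datetime
    source: str
    raw_time: str      # kept so the original value can be shown in the report
    description: str


def normalize(source: str, raw_time: str) -> datetime:
    """Convert one source's timestamp format to an aware UTC datetime."""
    if source.startswith("syslog:"):
        local = datetime.strptime(f"{SYSLOG_YEAR} {raw_time}", "%Y %b %d %H:%M:%S")
        return local.replace(tzinfo=SYSLOG_HOST_TZ).astimezone(timezone.utc)
    if source.startswith("winevt:"):
        ts = datetime.fromisoformat(raw_time)    # the offset is part of the string
        if ts.tzinfo is None:
            raise ValueError(f"naive timestamp from {source}: {raw_time}")
        return ts.astimezone(timezone.utc)
    if source == "proxy":
        return datetime.fromtimestamp(int(raw_time), tz=timezone.utc)
    raise ValueError(f"unknown source {source!r}")


def build_timeline(raw_events):
    """Normalize every record and order the result by true (UTC) time."""
    events = [TimelineEvent(normalize(src, t), src, t, desc) for src, t, desc in raw_events]
    return sorted(events, key=lambda e: e.utc)


# Constructed evidence, listed in the order an analyst might have collected it.
RAW_EVENTS = [
    ("syslog:bastion01", "Mar  4 10:15:20", "Accepted password for deploy from 203.0.113.45"),
    ("winevt:WS-0421", "2024-03-04T16:12:05+01:00", "Event 4688: new process powershell.exe"),
    ("proxy", "1709565220", "CONNECT 203.0.113.45:443 from WS-0421"),
]

if __name__ == "__main__":
    for e in build_timeline(RAW_EVENTS):
        print(e.utc.isoformat(), f"{e.source:<18}", f"[{e.raw_time}]", e.description)
```

Sorted on the raw strings, the syslog entry (10:15) would appear first; normalized, it is the last of the three, which changes the story from "logon, then process, then egress" to "process, then egress, then logon". Two things the code assumes should always be recorded as findings rather than silently applied: the time zone of any naive timestamp, and the measured clock offset of each evidence source against a trusted reference.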
Incident Declaration
Formal decision, by an authorized person or against defined criteria, that an observed event is a security incident; it starts the incident response process, notification clocks and formal evidence handling.
Incident Severity
Classification level (for example, low, medium, high, critical) that indicates the impact and urgency of an incident and drives response priority, escalation path and notification requirements.
Indicator of Attack (IOA)
Behavioral signal, such as a sequence of actions or a technique in use, that indicates malicious activity is in progress regardless of the specific tools or infrastructure involved; contrasted with IOCs, which describe artifacts of a compromise that has already occurred.
Log Ingestion
Collection, parsing, normalization and onboarding of log data into monitoring platforms such as a SIEM; dropped sources or mis-parsed fields at this stage silently disable downstream detections.
Mean Time to Detect (MTTD)
Average time between the start of an incident (or attacker action) and its detection by the organization.
Mean Time to Respond (MTTR)
Average time from detection to response and containment of an incident. The same acronym is also used for mean time to recover or to remediate, so the definition in use should be stated whenever the metric is reported.
OSSTMM
Open Source Security Testing Methodology Manual, published by ISECOM: a peer-reviewed methodology for performing security tests and measuring their results consistently.
Post-Incident Review
Structured analysis held after an incident is closed to establish what happened, how detection and response performed, and which corrective actions (controls, playbook changes, training) should follow.
Sandbox Analysis
Controlled execution of suspicious files or URLs in an isolated environment to observe behavior (file, registry, process and network activity) safely. Malware may detect the sandbox or delay execution, so a clean run does not prove a sample benign.
SOC
Security Operations Center: the team and facility responsible for continuous monitoring, triage, investigation and response to security events across the organization.
SIEM Use Case
Specific detection scenario implemented in a SIEM through required data sources, correlation logic and a defined response action; each should be tied to a threat (for example, an ATT&CK technique) and tested periodically to confirm it still fires.
Vulnerability Prioritization
Ranking vulnerabilities for remediation by risk rather than by severity score alone, combining CVSS with evidence of active exploitation (for example, CISA's Known Exploited Vulnerabilities catalog or EPSS), the exposure of the affected asset and its business criticality.
YARA
Pattern-matching language and tool for classifying and detecting malware and other artifacts: a rule names text or hex strings (optionally with wildcards or regular expressions) and a boolean condition over them, and can be run against files, memory or process images.