Dictionary · NIST SP 800-61
L2 — definitions grouped by regulatory framework.
Nouns
15 senses
- Baselining
Monitoring resources to determine typical utilization patterns so that significant deviations can be detected.
- Computer Security Incident Response Team
A capability set up for the purpose of assisting in responding to computer security-related incidents; also called a Computer Incident Response Team (CIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability).
- precursor
A sign that an attacker may be preparing to cause an incident.
- event
Any observable occurrence in a network or system.
- False Positive
An alert that incorrectly indicates that malicious activity is occurring.
- Incident Handling
The mitigation of violations of security policies and recommended practices.
- incident
A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
- indicator
A sign that an incident may have occurred or may be currently occurring.
- Intrusion Detection and Prevention System
Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incidents.
- Malware
A virus, worm, Trojan horse, or other code-based malicious entity that successfully infects a host.
- Profiling
Measuring the characteristics of expected activity so that changes to it can be more easily identified.
- signature
A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.
- Social engineering
An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks.
- threat
The potential source of an adverse event.
- vulnerability
A weakness in a system, application, or network that is subject to exploitation or misuse.