Glossary of SOC Acronyms

Created by Peter Bassill, Modified on Thu, 20 Mar at 6:20 PM by Peter Bassill

Below is a comprehensive glossary of acronyms commonly encountered in a Security Operations Centre (SOC) service. These terms are essential for understanding SOC operations, security monitoring, incident response, and threat management.


A

APT (Advanced Persistent Threat)
A sophisticated, prolonged cyberattack targeting a specific entity, often carried out by nation-states or organised cybercriminal groups.

API (Application Programming Interface)
A set of rules and protocols that allow different software applications to communicate and interact with each other.


B

BCP (Business Continuity Plan)
A plan outlining procedures to ensure critical business functions continue during and after a disruption or disaster.

BGP (Border Gateway Protocol)
A protocol used to route traffic between large networks or autonomous systems on the internet.


C

CIRT (Cyber Incident Response Team) - also CERT (Computer Emergency Response Team)
A team responsible for responding to and managing cybersecurity incidents within an organisation.

CISO (Chief Information Security Officer)
An executive responsible for an organisation's overall information security strategy and governance.

CVE (Common Vulnerabilities and Exposures)
A publicly available list of known security vulnerabilities and exposures used for vulnerability identification and remediation.

CVSS (Common Vulnerability Scoring System)
A standardised framework for assigning a severity score to a security vulnerability, based on its potential impact.


D

DDoS (Distributed Denial of Service)
An attack that overwhelms a target's systems or network with a flood of traffic, rendering it unavailable to legitimate users.

DNS (Domain Name System)
A system that translates human-readable domain names (e.g., example.com) into IP addresses that computers can understand.

DLP (Data Loss Prevention)
Technologies and processes designed to prevent the unauthorised transmission or exposure of sensitive data.


E

EDR (Endpoint Detection and Response)
A security solution that provides continuous monitoring and response capabilities for endpoints (e.g., computers, servers, mobile devices).

ELK (Elasticsearch, Logstash, Kibana)
A popular open-source stack used for logging, data analysis, and visualisation in SOC environments.


F

FIM (File Integrity Monitoring)
A security control that detects and alerts on changes to critical files, helping identify unauthorised modifications.

FTP (File Transfer Protocol)
A standard network protocol used to transfer files between computers over a TCP/IP network.


I

IDS (Intrusion Detection System)
A security system that monitors network or system activities for malicious activity or policy violations.

IoC (Indicator of Compromise)
Evidence or artefacts that indicate a system has been or may be compromised (e.g., unusual traffic, malware signatures).

IPS (Intrusion Prevention System)
A security device or application that actively blocks detected threats in real time, typically sitting inline on the traffic path rather than only alerting as an IDS does.

ISO (International Organization for Standardization)
A global standard-setting body that develops and publishes standards, including ISO/IEC 27001 for information security management.


K

KPI (Key Performance Indicator)
A measurable value used to assess the performance of a system, process, or team within an organisation.


L

LDAP (Lightweight Directory Access Protocol)
A protocol used to access and manage directory information, such as user accounts and permissions.

Log
A record of events or transactions generated by applications, devices, or networks for auditing and security purposes.


M

MDR (Managed Detection and Response)
A cybersecurity service that provides threat detection, investigation, and response capabilities as a managed service.

MITM (Man-in-the-Middle)
A type of attack where an attacker intercepts and manipulates communications between two parties without their knowledge.

MSSP (Managed Security Services Provider)
A third-party provider that delivers outsourced security services, including SOC operations.


N

NIDS (Network Intrusion Detection System)
A system that monitors network traffic for suspicious activity and potential attacks.

NIST (National Institute of Standards and Technology)
A US-based organisation that provides cybersecurity standards, guidelines, and best practices (e.g., NIST Cybersecurity Framework).


O

OT (Operational Technology)
Systems and devices that manage physical processes and equipment, such as in manufacturing, transportation, and maritime operations.

OWASP (Open Web Application Security Project)
A non-profit organisation that provides guidelines and resources for improving the security of web applications.


P

PCI DSS (Payment Card Industry Data Security Standard)
A security standard designed to protect payment card data and ensure secure payment processing environments.

PT (Penetration Testing)
A controlled, authorised simulation of a cyberattack to identify vulnerabilities and test security measures.

PTES (Penetration Testing Execution Standard)
A standardised methodology for conducting penetration tests.


R

RMM (Remote Monitoring and Management)
Tools and software used by SOC teams to remotely monitor and manage systems, networks, and endpoints.

RTO (Recovery Time Objective)
The target time within which business operations must be restored after a disruption or disaster.


S

SCADA (Supervisory Control and Data Acquisition)
A system used to control and monitor industrial processes, often found in maritime and critical infrastructure.

SIEM (Security Information and Event Management)
A centralised platform that collects, analyses, and correlates security event data from across an organisation's infrastructure.

SOC (Security Operations Centre)
A dedicated team and infrastructure responsible for monitoring, detecting, and responding to cybersecurity threats.

SOAR (Security Orchestration, Automation, and Response)
A solution that integrates security tools and automates workflows to improve threat detection and response times.


T

TTP (Tactics, Techniques, and Procedures)
A framework used to describe the methods and behaviours of attackers, often referenced in threat intelligence and incident analysis.

TLS (Transport Layer Security)
A cryptographic protocol designed to provide secure communication over a network.


U

UEBA (User and Entity Behaviour Analytics)
A security solution that analyses user and system behaviour to detect anomalies and potential security threats.


V

VPN (Virtual Private Network)
A technology that establishes a secure, encrypted connection between two networks over the internet.

VPR (Vulnerability Priority Rating)
A rating system used to prioritise vulnerabilities based on factors such as exploitability and impact.


W

WAF (Web Application Firewall)
A security solution that monitors and filters HTTP/S traffic to protect web applications from attacks like SQL injection and cross-site scripting (XSS).


Z

Zero-Day
A vulnerability that is unknown to the software vendor and has no available fix, often exploited by attackers.