The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.

Red Team:

A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.

Red Team exercise:

An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.


Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.


The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.


The activities that address the short-term, direct effects of an incident and may also support short-term recovery.  In cybersecurity, response encompasses both automated and manual activities.


The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.

Risk analysis:

The systematic examination of the components and characteristics of risk. In the context of network security, risk analysis can include identification of the implications of a security policy change and the definition of the attack surface.

Risk assessment:

The product or process that collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making. It is the appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.

Risk management:

The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. It includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.

Risk-based data management:

A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.


A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.


In the context of security policy, a rule describes or prescribes what actions, communications, or states are possible or allowable in a given IT infrastructure or application. Some rules can be automatically defined based upon industry guidelines/regulations, or manually defined for a given use case.