Term 241
Endpoint detection and response
Endpoint detection and response (EDR) is a cybersecurity solution that continuously monitors endpoint devices for suspicious activity and automatically responds to threats to stop attacks in real time.
Acronym study
Terms 241–270 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 242
Endpoint protection is a security approach that safeguards devices like laptops, phones, and servers from malicious threats by monitoring, detecting, and blocking attacks at the device level.
Term 243
An endpoint security policy is a set of rules that controls how devices like laptops, phones, and servers connect to a network and what security protections they must have to keep data safe.
Term 244
Endpoint telemetry is the automated collection and transmission of security-relevant data from devices like laptops, servers, and phones to a central monitoring system for threat detection and analysis.
Term 245
Enterprise risk management is the systematic process of identifying, assessing, and responding to risks that could affect an organization’s ability to achieve its objectives.
Term 246
End of Life (EOL) is the date when a vendor stops selling, supporting, or patching a product, requiring migration to avoid security and compliance risks.
Term 247
EOS (End of Support) marks the date when a vendor stops providing technical assistance, patches, and firmware updates for a product.
Term 248
Eradication is the phase in incident response where the root cause of a security breach is completely removed from the system to prevent the attack from happening again.
Term 249
An escalation path is a predefined process that determines how an incident or issue is raised to higher-level support or management when it cannot be resolved at the current level.
Term 250
ESP (Encapsulating Security Payload) is a core protocol in IPsec that provides confidentiality, data integrity, and authentication for VPN traffic by encrypting and optionally authenticating the payload of IP packets.
Term 251
ESP (Encapsulating Security Payload) provides confidentiality, data origin authentication, connectionless integrity, and anti-replay protection for IP packets.
Term 252
An Evaluation Assurance Level (EAL) is a rating from the Common Criteria that measures how thoroughly a computer product or system has been tested and verified for security.
Term 253
An event is any identifiable occurrence or action in a computer system, network, or application that can be logged, monitored, or analyzed for security or operational purposes.
Term 254
An event log is a file or record that stores a chronological list of events, changes, errors, or security incidents occurring on a computer system or network.
Term 255
Evidence handling is the process of properly collecting, preserving, documenting, and storing digital evidence to maintain its integrity and admissibility in legal or administrative proceedings.
Term 256
Evidence preservation is the process of protecting and maintaining digital data in its original state so it can be used in legal or investigative proceedings without being altered or corrupted.
Term 257
An evil twin attack is a rogue wireless access point that impersonates a legitimate network to intercept or manipulate user traffic.
Term 258
Exposure is the measure of potential loss or harm to an organization's assets when a vulnerability is exploited by a threat, often expressed as the window of time or degree of access an attacker has.
Term 259
Exposure factor is the percentage of an asset's value that would be lost if a specific threat event occurs, used to calculate the single loss expectancy in risk analysis.
Term 260
An extended access control list (ACL) is a set of rules that filters network traffic based on source and destination IP addresses, protocol type, and port numbers, providing more granular control than a standard ACL.
Term 261
Extended Detection and Response (XDR) is a security approach that collects and analyzes data from multiple sources like endpoints, networks, servers, and email to detect and stop threats more effectively.
Term 262
Extensible Authentication Protocol (EAP) is a flexible authentication framework used in network access control, particularly in wireless and point-to-point connections, that supports multiple authentication methods without requiring changes to the underlying protocol.
Term 263
EAP over LAN (EAPoL) is a protocol that carries authentication messages between a device and a network access point before the device is allowed to connect to the network.
Term 264
Facial recognition technology is a biometric security method that identifies or verifies a person by analyzing and comparing patterns of their facial features.
Term 265
Fail2ban is a security tool that monitors log files for repeated authentication failures and temporarily bans the offending IP addresses using firewall rules.
Term 266
Failover is the automatic switching to a backup system when the primary system fails, ensuring continuous operation and minimal downtime.
Term 267
Failover routing is a network design that automatically redirects traffic to a backup path when the primary path fails, keeping services available.
Term 268
A false negative is when a security tool fails to detect a real threat, mistakenly treating it as harmless.
Term 269
A false positive is an alert or result that indicates a security threat or vulnerability exists when in fact there is no real issue.
Term 270
File Transfer Protocol Secure (FTPS) is a secure version of FTP that adds encryption using TLS or SSL to protect data during file transfers.