The glossary below contains many of the terms you will find in common use throughout the Symantec Security Response website. Please refer to this list to find definitions of terms and answers to other Internet security-related questions.


The first phase of incident response once an alert has been escalated to an incident. It is never optional. This phase involves understanding the following to a degree that allows closure of the incident: the signature, the vulnerability or exposure, the action, the target, the result, and any attack tools involved.