Escalation Path
Definition
The predefined chain of notification and decision-making authority that an incident follows as its severity increases. Documented in the IR plan before any incident occurs, it specifies who must be informed at each severity level, what actions they are authorised to take, and at what point external notification to regulators or affected parties is required.
Related terms
- CSIRT (Computer Security Incident Response Team): A dedicated team responsible for coordinating the response to confirmed security incidents. The CSIRT manages containment, forensic investigation, communication to stakeholders, and...
- Indicator of Compromise (IoC): An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
- Managed Security Service Provider (MSSP): A third-party organisation that delivers security monitoring, tooling, and analyst coverage as a contracted service. Used in fully outsourced and co-managed SOC...
- Playbook: A documented step-by-step procedure for responding to a specific type of security event. Playbooks standardise analyst behaviour, reduce response time, and ensure...
- Security Operations Centre (SOC): The dedicated team and technology platform responsible for continuous monitoring, detection, analysis, and coordinated response to security events. May be in-house, co-managed,...
- SIEM (Security Information and Event Management): A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...
- SOC (Security Operations Centre): A function providing continuous monitoring, alert triage, and early detection of security events. The SOC is the first tier of response: it...
- Tactics, Techniques, and Procedures (TTPs): A three-level description of adversary behaviour. Tactics are the high-level goals (initial access, persistence, exfiltration). Techniques are the specific methods (spear-phishing, pass-the-hash)....
- Threat actor: An individual or group responsible for a security incident or malicious campaign. Threat actors are categorised by motivation (financial, espionage, hacktivism, destruction)...
- Threat hunting: A proactive, human-led process that searches for evidence of adversary activity in an environment under the assumption that automated controls have been...
Explained in these topics
- Key Terms and Stakeholders in Incident Response: The predefined chain of notification and decision-making authority that an incident follows as its severity increases. Documented in the IR plan before any inc...
- SOC Structure and the Tier Model: The defined procedure by which an alert or incident is passed from one SOC tier to the next, including the information that must accompany the handoff and the...