Recurrence
Definition
Re-establishment of attacker access or re-execution of the same attack vector after the prior incident has been eradicated. Recurrence triggers the incident response process again and may reset notification obligations under breach disclosure law.
Related terms
- Baseline comparison: Comparison of a recovered system's current state, including running processes, network connections, scheduled tasks, and file hashes, against a known-good reference state...
- Extended monitoring window: A defined period of heightened detection sensitivity following recovery, during which security operations maintain increased logging, alert thresholds, and analyst attention. Ends...
- Honeytoken: A synthetic credential, document, or data record placed in a monitored location. Any attempt to use or access the honeytoken is an...
- Recovery validation: The verification process that confirms a restored system is clean, correctly configured, and free from residual attacker access. Distinct from eradication, which...
- Tripwire: A deliberately placed artefact or detection rule designed to fire only if an attacker returns or residual malware reactivates. Examples include canary...
Explained in
- Validating Recovery and Monitoring for Recurrence