
What are IOCs and what role do they play in Security operations / Cyber security?

IOC stands for Indicator of Compromise. IOCs are signs that a computer or network has been hacked or infected with malware. They can include things like unusual network traffic, changes to files on the computer, or new programs that have been installed without permission. Security experts use IOCs to help detect and respond to cyber attacks. Think of them as the clues a detective uses to solve a crime: they tell security professionals that something bad has happened, so that they can take steps to stop it and protect the system.


Imagine that you and your friends have a shared computer in your school. One day, you notice that the computer is running slow and that some of the files have been changed without your knowledge. You also notice that there are new programs installed on the computer that you have never seen before.


These are all Indicators of Compromise (IOCs) that suggest that someone has hacked into the computer. The unusual network traffic and the changes to files are signs that something has gone wrong. The new programs installed without permission are also an indication that the computer has been compromised.


In this scenario, the school IT department would be the security professionals. They would be responsible for investigating the hack, identifying the type of attack, tracing the attacker’s movements, and taking steps to stop the attack and protect the system.


They might also check the computer’s logs to see if there are any clues about who might have hacked the computer and when it happened. This information could be used to identify the attacker and to determine how the attack was carried out in order to prevent similar attacks in the future.


So, if we take this example, the unusual network traffic, changes to files and new programs installed on the computer are all IOCs that helped to detect and respond to the cyber attack.
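The two file-based IOCs from the scenario (changed files and new programs) can be found by comparing a known-good snapshot of a folder with its current state. The following Python sketch is an added example, not part of the original post; the file names and the helper names `snapshot`, `find_iocs` and `demo` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = digest
    return state


def find_iocs(baseline, current):
    """Compare two snapshots and return the differences as candidate IOCs."""
    return {
        "new": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }


def demo():
    """Build a constructed 'shared computer' folder, alter it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files standing in for the known-good state.
        for name, data in {"homework.txt": b"essay draft", "notes.txt": b"maths"}.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        # Reproduce what the article describes: a file changed, a new program appears.
        with open(os.path.join(root, "homework.txt"), "wb") as fh:
            fh.write(b"essay draft, edited by someone else")
        with open(os.path.join(root, "unknown_tool.exe"), "wb") as fh:
            fh.write(b"placeholder bytes")

        return find_iocs(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Each entry in the result is a lead to investigate rather than proof of an attack, since legitimate updates also change files and install programs.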

