Actions taken within protected cyberspace to defeat specific threats that have breached or are threatening to breach cyberspace security measures and include actions to detect, characterize, counter, and mitigate threats, including malware or the unauthorized activities of users, and to restore the system to a secure configuration.
Sources:
CNSSI 4009-2015
under cyberspace defense
from
DoDI 8500.01
Actions taken to defend against unauthorized activity within computer networks. CND includes monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities.
Note: Within DoD, term was approved for deletion from JP 1-02 (DoD Dictionary) by issuance of JP 3-13, "Information Operations". This term has been replaced by the use of “cyberspace defense" used in JP 3-12, "Cyberspace Operations." Original source of term was JP 1-02 (DoD Dictionary).
Sources:
CNSSI 4009-2015