Glossary.

AI


Artificial Intelligence: the development of computer systems able to perform tasks that normally require human intelligence

Apples to Apples


A comparison that occurs to demonstrate that 2 items or 2 groups of items are the same. This is usually expressed in a sales discussion as in “Let’s compare apples to apples”. RedLegg is currently seeking an alternative to this phrase.

Application Testing


Process by which applications are tested for quality, functionality, compatibility, usability, performance, and other characteristics

APT


Commonly misunderstood acronym for Advanced Persistent Threat. You’re going to have to call us for the full definition.

ARMEE


RedLegg-created methodology that takes a holistic approach to risk management by focusing on 5 key components: Assess, Remediate, Monitor, Educate, Enforce.

Attribution


Process of establishing who is behind a cyber attack

Back door


A way to enter a program that doesn’t require authentication. Opposite of front door.

Best Practices


Commonly used term loosely defined that allows technology practitioners to instill their sense of truth and justice.

Cryptocurrency


A form of online currency, often used as the ransom in ransomware attacks

CSA


Cloud Security Alliance. A not-for-profit organization with a mission to promote the use of best practice for providing security assurance within Cloud Computing & to provide education on the uses of Cloud Computing to help secure all forms of computing.

CSSK


Certificate of Cloud Security Knowledge

CVE


Common Vulnerabilities and Exposures: a catalog of known and common security threats

Dark Web


Websites that are only accessible through specialty networks (not accessible through Google)

Data


Information

Data Storage


Anything with information recorded on it.

Digital Security Services


Security tool, engineering, documentation, and executive advisory services to meet critical cybersecurity needs

Encryption


The process of scrambling data or messages to make them unreadable or secret

Firewall


A part of a computer system/network that is designed to block unauthorized access while permitting outward communication

Gap Assessment


Analysis that compares your current security state against common frameworks or security best practices.

Hacker


Someone who breaks into systems and exploits the details of programmable systems and how to stretch their capabilities.

Incident Response


Organized approach to addressing and managing the aftermath of a security breach or cyberattack in a way that limits damage and reduces recovery time and costs.

Information Security Services


Comprehensive and holistic approach to protecting individuals and firms from cyber attacks.

Infosec


Abbreviation for “information security”.

Internet of Things (IoT)


Refers to the continually growing network of physical objects that have internet connectivity, and the communication that occurs between these objects and other internet devices

Log Source


The automatically produced and time-stamped documentation of events relevant to a system.

Malware


Abbreviation for “malicious software”.

Managed Detection and Response


All-encompassing cybersecurity service used to detect and respond to threats.

Managed Security Services


Overseeing of a company’s network and information system security.

Network Configuration


Process of setting a network’s controls, flow, and operation.

Opsec


Abbreviation for “operational security”.

Patch


Piece of software designed to update a computer program to fix/improve it.

Penetration Testing


An attacker reaches out trying to obtain specific information that can be used in a larger attack.

Phishing Test


Purposely trying to hack into your own network to discover loopholes within its security framework.

Policy Framework Development


Help organizations to properly articulate the organization’s desired behavior, mitigate risk and contribute to achieving the organization’s goals.

Ransomware


A type of malware that locks your computer and won’t let you access your files until a ransom is paid.

RedLeg


RedLeg (one g) is slang for military artillery personnel.

RedLegg Mission


Improve client’s security posture by providing superior security services.

RedLegg Vision


To provide a balanced and holistic approach to assessing, building and maintaining our client’s security needs. Evolving security practice & improving operational security.

Risk Analysis


The review of the risks associated with an event or action.

Risk Assessment


Formal evaluation of an organization’s information security program that quantifies the risk by evaluating assets that need protection, the threats to those assets, and the likelihood and impact should those threats be realized.

Secure Code Review


A specialized task involving manual and/or automated review of an application’s source code to identify security-related weaknesses.

Risk Assessment


Individual who is responsible for maintaining the security of a company’s computer system.

SIEM


“Security Information and Event Management” provides real-time analysis of security alerts.

Social Engineering


Phone call/email phishing attempts to extract information that would be useful for a larger attack.

Spoofing


Hackers can manipulate their email address to help them trick people in a social engineering attack.

Threat Intelligence


Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard.

Threat Modeling


Procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.

Two-factor Authentication


An extra layer of security above and beyond the traditional username and password.

Tradecraft Labs


One of three divisions of RedLegg. Tradecraft Labs handles pentests and application security.

UTM Management


Devices are traditional firewalls that include additional security features such as network intrusion prevention, gateway antivirus, gateway anti-spam, VPN, content filtering, load balancing, data loss prevention, and data collection with reporting.

vCISO


Virtual CISO: CISO-level strategic advice to operational expertise, this program allows an organization to obtain expertise and experience in one or multiple sections of information assurance.

Virus


A type of malware that typically is embedded and hidden in a program or file.

VPN


Abbreviation for “virtual private network”; uses encryption to create a private and secure channel to connect to the internet when you’re on a network that you do not trust.

Vuln Scan


“Vulnerability Scan”.

Vulnerability Management


Cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.