Artificial Intelligence: the development of computer systems able to perform tasks that normally require human intelligence
A comparison that occurs to demonstrate that 2 items or 2 groups of items are the same. This is usually expressed in a sales discussion as in “Let’s compare apples to apples”. RedLegg is currently seeking an alternative to this phrase.
Process which applications are tested for quality, functionality, compatibility, usability, performance, and other characteristics
Commonly misunderstood acronym for Advanced Persistent Threat. You’re going to have to call us for the full definition.
RedLegg-created methodology that takes a holistic approach to risk management by focusing on 5 key components: Assess, Remediate, Monitor, Educate, Enforce.
Process of establishing who is behind a cyber attack
A way to enter a program that doesn’t require authentication. Opposite of front door.
Commonly used term loosely defined that allows technology practitioners to instill their sense of truth and justice.
A form of online currency, often used as the ransom in ransomware attacks
Cloud Security Alliance. A not-for-profit organization with a mission to promote the use of best practice for providing security assurance within Cloud Computing & to provide education on the uses of Cloud Computing to help secure all forms of computing.
Certificate of Cloud Security Knowledge
Common Vulnerability and Exposures: a catalog of known and common security threats
Websites that are only accessible through specialty networks (not assessable through google)
Anything with information recorded on it.
Security tool, engineering, documentation, and executive advisory services to meet critical cybersecurity needs
The process of scrambling data or messages to make it unreadable or secret
A part of computer system/network that is designed to block unauthorized access while permitting outward communication
Analysis that compares your current security state against common frameworks or security best practices.
Someone who breaks into systems and exploit the details of programmable systems and how to stretch their capabilities.
Organized approach to addressing and managing the aftermath of a security breach or cyberattack in a way that limits damage and reduces recovery time and costs.
Comprehensive and holistic approach to protecting individuals and firms from cyber attacks.
Abbreviation for “information security”.
Refers to the continually growing network of physical objects that have internet connectivity, and the communication that occurs between these objects and other internet devices
The automatically produced and time-stamped documentation of events relevant to a system.
Abbreviation for “malicious software”.
All-encompassing cybersecurity service used to detect and respond to threats.
Overseeing of a company’s network and information system security.
Process of setting a network’s controls, flow, and operation.
Abbreviation for “operational security”.
Piece of software designed to update a computer program to fix/improve it.
An attacker reaches out trying to obtain specific information that can be used in a larger attack.
Purposely trying to hack into your own network to discover loopholes within its security framework.
Help organizations to properly articulate the organization’s desired behavior, mitigate risk and contribute to achieving the organization’s goals.
A type of malware that locks your computer and won’t let you access your files until a ransom is paid.
RedLeg (one g) is slang for military artillery personnel.
Improve client's security posture by providing superior security services.
To provide a balanced and holistic approach to assessing, building and maintaining our client's security needs. Evoloving security practice & improving operational security.
The review of the risks associated with an event or action.
Formal evaluation of an organization’s information security program that quantifies the risk by evaluating assets that need protection, the threats to those assets, and the likelihood and impact should those threats could be realized.
A specialized task involving manual and/or automated review of an application's source code to identify security-related weaknesses.
Individual who is responsible for maintaining the security of a company's computer system.
“Security Information and Event Management” provides real-time analysis of security alerts.
Phone call/email phishing attempts to extract information that would be useful for a larger attack.
Hackers can manipulate their email address to help them trick people in a social engineering attack.
Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard.
Procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.
An extra layer of security above and beyond the traditional username and password.
One of three divisions of RedLegg. Tradecraft Labs handles pentests and application security.
Devices are traditional firewalls that include additional security features such as, network intrusion prevention, gateway antivirus, gateway anti-spam, VPN, content filtering, load balancing, data loss prevention, and data collection with reporting.
Virtual CISO: CISO-level strategic advice to operational expertise, this program allows an organization to obtain expertise and experience in one or multiple sections of information assurance.
A type of malware that typically is embedded and hidden in a program or file.
Abbreviation for “virtual private network”; uses encryption to create a private and secure channel to connect to the internet when you’re on a network that you do not trust.
Cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.