Glossary

AI

Artificial Intelligence: the development of computer systems able to perform tasks that normally require human intelligence.

Apples to Apples

A comparison that occurs to demonstrate that 2 items or 2 groups of items are the same. This is usually expressed in a sales discussion as in “Let’s compare apples to apples”. RedLegg is currently seeking an alternative to this phrase.

Application Testing

Process which applications are tested for quality, functionality, compatibility, usability, performance, and other characteristics

APT

Commonly misunderstood acronym for Advanced Persistent Threat. You’re going to have to call us for the full definition.

ARMEE

RedLegg-created methodology that takes a holistic approach to risk management by focusing on 5 key components: Assess, Remediate, Monitor, Educate, Enforce.

Attribution

Process of establishing who is behind a cyber attack

Back door

A way to enter a program that doesn’t require authentication. Opposite of front door.

Best Practices

Commonly used term loosely defined that allows technology practitioners to instill their sense of truth and justice.

Cryptocurrency

A form of online currency, often used as the ransom in ransomware attacks.

CSA

Cloud Security Alliance. A not-for-profit organization with a mission to promote the use of best practice for providing security assurance within Cloud Computing & to provide education on the uses of Cloud Computing to help secure all forms of computing.

CSSK

Certificate of Cloud Security Knowledge

CVE

Common Vulnerability and Exposures: a catalog of known and common security threats

Dark Web

Websites that are only accessible through specialty networks (not assessable through google)

Data

Information

Data Storage

Anything with information recorded on it.

Digital Security Services

Security tool, engineering, documentation, and executive advisory services to meet critical cybersecurity needs

Encryption

The process of scrambling data or messages to make it unreadable or secret

Firewall

A part of computer system/network that is designed to block unauthorized access while permitting outward communication

Gap Assessment

Analysis that compares your current security state against common frameworks or security best practices.

Hacker

Someone who breaks into systems and exploit the details of programmable systems and how to stretch their capabilities.

Incident Response

Organized approach to addressing and managing the aftermath of a security breach or cyberattack in a way that limits damage and reduces recovery time and costs.

Information Security Services

Comprehensive and holistic approach to protecting individuals and firms from cyber attacks.

Infosec

Abbreviation for “information security”.

Internet of Thing (IoT)

Refers to the continually growing network of physical objects that have internet connectivity, and the communication that occurs between these objects and other internet devices

Log Source

The automatically produced and time-stamped documentation of events relevant to a system.

Malware

Abbreviation for “malicious software”.

Managed Detection and Response

All-encompassing cybersecurity service used to detect and respond to threats.

Managed Security Services

Overseeing of a company’s network and information system security.

Network Configuration

Process of setting a network’s controls, flow, and operation.

Opsec

Abbreviation for “operational security”.

Patch

Piece of software designed to update a computer program to fix/improve it.

Penetration Testing

An attacker reaches out trying to obtain specific information that can be used in a larger attack.

Phishing Test

Purposely trying to hack into your own network to discover loopholes within its security framework.

Policy Framework Development

Help organizations to properly articulate the organization’s desired behavior, mitigate risk and contribute to achieving the organization’s goals.

Ransomware

A type of malware that locks your computer and won’t let you access your files until a ransom is paid.

RedLeg

RedLeg (one g) is slang for military artillery personnel.

RedLegg Mission

Improve client’s security posture by providing superior security services.

RedLegg Vision

To provide a balanced and holistic approach to assessing, building and maintaining our client’s security needs. Evoloving security practice & improving operational security.

Risk Analysis

The review of the risks associated with an event or action.

Risk Assessment

Formal evaluation of an organization’s information security program that quantifies the risk by evaluating assets that need protection, the threats to those assets, and the likelihood and impact should those threats could be realized.

Secure Code Review

A specialized task involving manual and/or automated review of an application’s source code to identify security-related weaknesses.

SIEM

“Security Information and Event Management” provides real-time analysis of security alerts.

Social Engineering

Phone call/email phishing attempts to extract information that would be useful for a larger attack.

Spoofing

Hackers can manipulate their email address to help them trick people in a social engineering attack.

Threat Intelligence

Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard.

Threat Modeling

Procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.

Two-factor Authentication

An extra layer of security above and beyond the traditional username and password.

Tradecraft Labs

One of three divisions of RedLegg. Tradecraft Labs handles pentests and application security.

UTM Management

Devices are traditional firewalls that include additional security features such as, network intrusion prevention, gateway antivirus, gateway anti-spam, VPN, content filtering, load balancing, data loss prevention, and data collection with reporting.

vCISO

Virtual CISO: CISO-level strategic advice to operational expertise, this program allows an organization to obtain expertise and experience in one or multiple sections of information assurance.

Virus

A type of malware that typically is embedded and hidden in a program or file.

VPN

Abbreviation for “virtual private network”; uses encryption to create a private and secure channel to connect to the internet when you’re on a network that you do not trust.

Vuln Scan

“Vulnerability Scan”.

Vulnerability Management

Cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.

GET COVERED.

REACH OUT