Glossary

Risk-Based Vulnerability Management (RBVM)

Risk-Based Vulnerability Management (RBVM) is a process that emphasizes prioritizing the most severe security vulnerabilities and remediating according to the risk that they pose to the organization. This approach is being more widely adopted as organizations realize they have far more vulnerabilities than they can remediate, and they need a way to prioritize which to fix first.

Vulnerabilities do not all pose the same risk to an organization. By considering a combination of a vulnerability’s discoverability and exploitability, potential impact, and the business context of the asset the vulnerability is on, security teams can identify and categorize the most critical risks before a business-critical breach occurs. Such a process is only optimally useful if it also considers risks on assets that IT/security teams are not already aware of.

Risk Prioritization

After a risk analysis has been made, there will be clusters of risks varying in levels of criticality. Risk prioritization is a rational, common-sense approach to decision making and analytics, applied to rank and order identified risk events from most to least critical on an appropriate scale.

The method of analysis and ranking should be tied to the business needs and context in terms of immediate and future impact. It should also aim to maximize available resources.

Red, Blue, and Purple Teams

Red, Blue, and Purple Teams consist of security professionals who are integral to maintaining and improving an organization’s security posture. Red Teams are “attackers” who deploy ethical hacking methods such as penetration testing to simulate an attack and improve defenses.

Methods include OSINT and reconnaissance to avoid being detected by Blue Teams. A Blue Team includes security professionals operating within an organization’s security operations center (SOC), acting as defenders that identify, assess and respond to potential attacks. To protect assets, Blue Teams might analyze forensic , perform DNS audits, and utilize a SIEM platform for communicating necessary actions in real time. Finally, Purple Teams unite the separate objectives of Red and Blue Teams to promote information sharing and collaboration and to maximize their effectiveness.

Remediation

Remediation is the removal of the vulnerability or threat that could impact an organization's business and network security, typically through modifying a configuration or patching an operating system or application. Mitigation includes reducing the impact of a threat when it cannot be eliminated.

Risk

Risk is a multifactor calculation of the severity of a threat, likelihood of an occurrence, and the impact of that threat on organizational operations, reputation, and costs. This includes mission, functions, image, or reputation on the organization’s assets or individuals associated with the organization. Anything on an information system connected to a network can be open to risk. Data can be modified, copied, deleted, or encrypted, or a threat actor can access your organization’s systems without knowledge or consent and use the organization’s assets to launch other attacks.

Risk Assessment

A risk assessment is the process of identifying, analyzing, and evaluating information assets that could be affected by a cyber attack. It then identifies the risks that could affect those assets. A risk assessment helps to ensure the cybersecurity controls are appropriate to the risks facing the organization.

This process saves time, effort, and resources spent on security and addresses any risks that may be overlooked. The effectiveness of risk assessments is why many best-practice frameworks, laws, and standards recommend conducting a risk assessment.

Ransomware

Ransomware is a form of malware that leverages encryption to hold the operations of an organization hostage in exchange for a ransom payment. These payments often must be made via cryptocurrency. In ransomware attacks, an attacker gains access to a victim’s data, encrypts it such that the victim can no longer access it, and holds the data hostage unless an extortion payment is made. Ransomware attacks can be initiated by exploiting gaps in an organization’s attack surface to take control of IT assets and move laterally, as well as via other channels such as phishing attacks. Due to the effectiveness of ransomware, an industry of organized crime has emerged around it, including ransomware-as-a-service providers.

Recon-ng

Recon-ng is a web-based open-source reconnaissance tool (OSINT) written in Python, often paired with the Kali Linux penetration testing distribution. The tool reduces time spent harvesting information from open resources and consists of an extensive range of modules and database interaction.

Recon-ng is useful for collating information into one centralized source for a database. CyCognito integrates Recon-ng into its intelligent platform to conduct information gathering at scale, before other tools and methods are utilized to help organizations see their entire attack surface and prioritize remediation steps.
