The Devil's Infosec Dictionary
24/7 adj. The window of time in which systems are most vulnerable to attack.
ACCESS CONTROL LIST (ACL) n. The operating system file that gives users access
to files and programs they have no good reason to access.
ANALYST, SECURITY n. A mercenary paid vast sums of money to tell you that your
systems can't be secured.
BACK DOOR n. A hacker's front door.
BACKUP n. A process you don't need until you don't do it.
BC/DR (BUSINESS CONTINUITY/DISASTER RECOVERY PLANNING) n. An alternate spelling
for "CISO".
BIOMETRICS n. Strong authentication mechanism that streamlines insider attacks.
BOT n. See "Zombie".
BUSINESS CASE n. A creative writing project, the quality of which is directly
proportional to your security budget.
CLIENT/SERVER n. Two types of easily hacked computers.
CLEAN DESK POLICY n. What document users admit to ignoring during your
intellectual property theft investigation.
CONFIDENTIALITY, INTEGRITY AND AVAILABILITY n. The three great myths of the
Internet Age.
CRACKERS n. Hackers.
CRYPTOGRAPHY n. The science of applying a complex set of mathematical algorithms
to sensitive data with the aim of making Bruce Schneier exceedingly rich.
CYBERCRIME n. Crime.
DISTRIBUTED DENIAL OF SERVICE (DDOS) n. See "Bot".
DOWNTIME n. Refers to computer systems' natural state; the opposite of
anticipated downtime.
E-COMMERCE n. A historical fad from the late '90s meant to generate hundreds of
billions of dollars in new profits; the inciting factor that generated hundreds
of billions of dollars being spent on security products.
FIREWALLS n. Speed bumps.
HACKERS n. Self-righteous crackers.
HELP DESK n. A place where rude people read instruction manuals to confused
people over the phone, for a fee.
IDENTITY THEFT n. The transfer of your personally identifying information from
corporations that want to exploit it to hackers who want to exploit it.
INTRUSION DETECTION SYSTEMS (IDS) n. Log file generators.
JOOTT ("JUTE") adj. Acronym for Just One Of Those Things; the primary
explanation for most information security problems.
LAPTOP n. A computer designed to allow employees to easily store vast amounts of
customer data in the backseat of a taxicab.
LOGGING v. The practice of filling shelves with printouts.
LOGICAL SECURITY n. A goal; also, an oxymoron.
MISSION CRITICAL adj. Term used to help hackers identify their targets.
NON-REPUDIATION n. The opposite of repudiation; repudiation, only not.
O.S. HARDENING v. An attempt to secure your operating system against the next
hack by closing the hole used by the previous one.
PASSWORDS n. Authentication tool that, when properly implemented, drives growth
at the help desk.
PATCHING n. A mandatory fool's errand.
PHARMING AND PHISHING n. Ways to obtain phood.
PKI (PUBLIC-KEY INFRASTRUCTURE) n. A system designed to transfer all of the
complexities of strong authentication onto end users.
REGRESSION TESTING n. The process by which you learn how the patches that fixed
your system also broke your system.
ROAD WARRIORS n. Traveling employees responsible for delivering malicious code
back to headquarters.
SCOPE CREEP n. Stage three of the standard software development model.
SECURITY ADMINISTRATOR n. Firefighter.
SECURITY OFFICER n. Fall guy.
TOTAL COST OF OWNERSHIP (TCO) n. In security, an incalculable number always
equal to or greater than the budget.
UPGRADE v. The process by which you introduce new vulnerabilities into software.
VIRUS n. Sort of like a worm, but not exactly.
WORM n. Similar to a virus, but different.
ZOMBIE n. See "Distributed Denial of Service".
Source: http://www.csoonline.com, August 2005, p. 60.