Debriefing

The Devil's Infosec Dictionary

With a nod to Ambrose Bierce

By Scott Berinato

August 01, 2005 — CSO —

24/7: adj. The window of time in which systems are most vulnerable to attack
Access Control List (ACL): The operating system file that gives users access to files and programs they have no good reason to access
Analyst, security: A mercenary paid vast sums of money to tell you that your systems can't be secured
Back door: A hacker's front door
Backup: A process you don't need until you don't do it
BC/DR (Business Continuity/Disaster Recovery Planning): An alternate spelling for "CISO"
Biometrics: Strong authentication mechanism that streamlines insider attacks
Bot: See "Zombie"
Business case: A creative writing project, the quality of which is directly proportional to your security budget
Client/server: Two types of easily hacked computers
Clean desk policy: What document users admit to ignoring during your intellectual property theft investigation
Confidentiality, integrity and availability: The three great myths of the Internet Age
Crackers: Hackers
Cryptography: The science of applying a complex set of mathematical algorithms to sensitive data with the aim of making Bruce Schneier exceedingly rich
Cybercrime: Crime
Distributed Denial of Service (DDoS): See "Bot"
Downtime: Refers to computer systems' natural state; the opposite of anticipated downtime
E-Commerce: A historical fad from the late '90s meant to generate hundreds of billions of dollars in new profits; the inciting factor that generated hundreds of billions of dollars being spent on security products
Firewalls: Speed bumps
Hackers: Self-righteous crackers
Help desk: A place where rude people read instruction manuals to confused people over the phone, for a fee
Identity theft: The transfer of your personally identifying information from corporations that want to exploit it to hackers who want to exploit it
Intrusion Detection Systems (IDS): Log file generators
JOOTT ("jute"): adj. Acronym for Just One Of Those Things; the primary explanation for most information security problems
Laptop: A computer designed to allow employees to easily store vast amounts of customer data in the backseat of a taxicab
Logging: The practice of filling shelves with printouts
Logical security: A goal; also, an oxymoron
Mission critical: adj. Term used to help hackers identify their targets
Non-repudiation: The opposite of repudiation; repudiation, only not
O.S. hardening: An attempt to secure your operating system against the next hack by closing the hole used by the previous one
Passwords: Authentication tool that, when properly implemented, drives growth at the help desk
Patching: A mandatory fool's errand
Pharming and phishing: Ways to obtain phood
PKI (Public-Key Infrastructure): A system designed to transfer all of the complexities of strong authentication onto end users
Regression testing: The process by which you learn how the patches that fixed your system also broke your system
Road warriors: Traveling employees responsible for delivering malicious code back to headquarters
Scope creep: Stage three of the standard software development model
Security administrator: Firefighter
Security officer: Fall guy
Total Cost of Ownership (TCO): In security, an incalculable number always equal to or greater than the budget
Upgrade: The process by which you introduce new vulnerabilities into software
Virus: Sort of like a worm, but not exactly
Worm: Similar to a virus, but different
Zombie: See "Distributed Denial of Service"