Debriefing

The Devil's Infosec Dictionary

With a nod to Ambrose Bierce

By Scott Berinato

August 01, 2005 — CSO —

24/7

adj. The window of time in which systems are most vulnerable to attack

Access Control List (ACL)

The operating system file that gives users access to files and programs they have no good reason to access

Analyst, security

A mercenary paid vast sums of money to tell you that your systems can't be secured

Back door

A hacker's front door

Backup

A process you don't need until you don't do it

BC/DR (Business Continuity/Disaster Recovery Planning)

An alternate spelling for "CISO"

Biometrics

Strong authentication mechanism that streamlines insider attacks

Bot

See "Zombie"

Business case

A creative writing project, the quality of which is directly proportional to your security budget

Client/server

Two types of easily hacked computers

Clean desk policy

What document users admit to ignoring during your intellectual property theft investigation

Confidentiality, integrity and availability

The three great myths of the Internet Age

Crackers

Hackers

Cryptography

The science of applying a complex set of mathematical algorithms to sensitive data with the aim of making Bruce Schneier exceedingly rich

Cybercrime

Crime

Distributed Denial of Service (DDoS)

See "Bot"

Downtime

Refers to computer systems' natural state; the opposite of anticipated downtime

E-Commerce

A historical fad from the late '90s meant to generate hundreds of billions of dollars in new profits; the inciting factor that generated hundreds of billions of dollars being spent on security products

Firewalls

Speed bumps

Hackers

Self-righteous crackers

Help desk

A place where rude people read instruction manuals to confused people over the phone, for a fee

Identity theft

The transfer of your personally identifying information from corporations that want to exploit it to hackers who want to exploit it

Intrusion Detection Systems (IDS)

Log file generators

JOOTT ("jute")

adj. Acronym for Just One Of Those Things; the primary explanation for most information security problems

Laptop

A computer designed to allow employees to easily store vast amounts of customer data in the backseat of a taxicab

Logging

The practice of filling shelves with printouts

Logical security

A goal; also, an oxymoron

Mission critical

adj. Term used to help hackers identify their targets

Non-repudiation

The opposite of repudiation; repudiation, only not

O.S. hardening

An attempt to secure your operating system against the next hack by closing the hole used by the previous one

Passwords

Authentication tool that, when properly implemented, drives growth at the help desk

Patching

A mandatory fool's errand

Pharming and phishing

Ways to obtain phood

PKI (Public-Key Infrastructure)

A system designed to transfer all of the complexities of strong authentication onto end users

Regression testing

The process by which you learn how the patches that fixed your system also broke your system

Road warriors

Traveling employees responsible for delivering malicious code back to headquarters

Scope creep

Stage three of the standard software development model

Security administrator

Firefighter

Security officer

Fall guy

Total Cost of Ownership (TCO)

In security, an incalculable number always equal to or greater than the budget

Upgrade

The process by which you introduce new vulnerabilities into software

Virus

Sort of like a worm, but not exactly

Worm

Similar to a virus, but different

Zombie

See "Distributed Denial of Service"

Other stories by Scott Berinato

• Email
• Print
• Comments
• Digg This
• SlashDot

• The Devil's Security Dictionary 2.0