With a nod to Ambrose Bierce 24/7adj. The window of time in which systems are most vulnerable to attackAccess Control List (ACL)The operating system file that gives users access to files and programs they have no good reason to accessAnalyst, securityA mercenary paid vast sums of money to tell you that your systems can’t be securedBack doorA hacker’s front doorBackupA process you don’t need until you don’t do itBC/DR (Business Continuity/Disaster Recovery Planning)An alternate spelling for “CISO”BiometricsStrong authentication mechanism that streamlines insider attacksBotSee “Zombie”Business caseA creative writing project, the quality of which is directly proportional to your security budgetClient/serverTwo types of easily hacked computersClean desk policyWhat document users admit to ignoring during your intellectual property theft investigationConfidentiality, integrity and availabilityThe three great myths of the Internet AgeCrackersHackersCryptographyThe science of applying a complex set of mathematical algorithms to sensitive data with the aim of making Bruce Schneier exceedingly richCybercrimeCrimeDistributed Denial of Service (DDoS)See “Bot”DowntimeRefers to computer systems’ natural state; the opposite of anticipated downtimeE-CommerceA historical fad from the late ’90s meant to generate hundreds of billions of dollars in new profits; the inciting factor that generated hundreds of billions of dollars being spent on security productsFirewallsSpeed bumpsHackersSelf-righteous crackers Help deskA place where rude people read instruction manuals to confused people over the phone, for a feeIdentity theftThe transfer of your personally identifying information from corporations that want to exploit it to hackers who want to exploit itIntrusion Detection Systems (IDS)Log file generatorsJOOTT (“jute”)adj. Acronym for Just One Of Those Things; the primary explanation for most information security problemsLaptopA computer designed to allow employees to easily store vast amounts of customer data in the backseat of a taxicabLoggingThe practice of filling shelves with printoutsLogical securityA goal; also, an oxymoronMission criticaladj. Term used to help hackers identify their targetsNon-repudiationThe opposite of repudiation; repudiation, only notO.S. hardeningAn attempt to secure your operating system against the next hack by closing the hole used by the previous onePasswordsAuthentication tool that, when properly implemented, drives growth at the help deskPatchingA mandatory fool’s errandPharming and phishingWays to obtain phoodPKI (Public-Key Infrastructure)A system designed to transfer all of the complexities of strong authentication onto end usersRegression testingThe process by which you learn how the patches that fixed your system also broke your systemRoad warriorsTraveling employees responsible for delivering malicious code back to headquartersScope creepStage three of the standard software development modelSecurity administratorFirefighterSecurity officerFall guyTotal Cost of Ownership (TCO)In security, an incalculable number always equal to or greater than the budget UpgradeThe process by which you introduce new vulnerabilities into softwareVirusSort of like a worm, but not exactlyWormSimilar to a virus, but differentZombieSee “Distributed Denial of Service” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe