The Devil’s Security Dictionary 2.0

Access control (n.) In physical security, the portion of the budget dedicated to replacing lost plastic swipe cards.

Active X (n.) A technology for making Web vulnerabilities more engaging and fun.

Black hat (n.) A bad guy doing bad things with software.

Blog (n.) A diary desired by no one and available to everyone.

Change control (n.) A carefully defined and measured process of self-delusion.

Compliance solution (n.) Surveillance and behavior control software.

Delete (v.) To remove from view (and archive).

Dirty bomb (n.) A term used to distinguish enemies’ bombs from one’s own.

E-mail (n.) A form of text communication similar to but far rarer than spam.

Endpoint security (n.) Security for points at, near or connected to the end of a network, or that have been or will be in some way related to the end in the past, now or in the future.

GAO (n.) A government agency tasked with finding a nice way to tell other government agencies their security stinks.

Gray hat (n.) A guy who’s kinda bad and kinda good doing kinda bad things with software.

Hacker (n.) A cracker with no sense of humor.

Hash table (n.) The place you roll a joint.

HIPAA (n.) Federal mandate that sensitive patient data be equally unprotected at any health-care provider the customer chooses.

HSPD-12 (?) Four capital letters followed by a hyphen and then two numerals.

Information lifecycle (n.) An important graphical representation of the various points at which data is lost or stolen; used to justify the $1,500 price of a white paper.

ISAC (n., archaic) A bureaucratic construct designed to bring CSOs and government representatives together so they can explain to each other why they can’t talk about what they’re there to talk about.

Kelly-Bootle, Stan (n.) Celebrated author of earlier Ambrose Bierce knockoff (see: Recursive).

Keystroke loggers (n.) Men who type down trees.

Outsourcing, global (n.) The process of making vulnerabilities cheaper, more efficient, and available in 37 languages and nine time zones.

Pandemic (n.) A threat that spreads rapidly through contact with daily newspapers and talk shows.

Port security (n.) In information security, proof that people don’t understand risk; in physical security, proof that people don’t understand risk.

RFID (n.) Doubleplusgood technology for monitoring cargo, chocorats or Ingsoc members suspected of crimethink so they can be vaporized speedwise.

Risk (n.) The unavoidable part of life that CEOs try to ignore, CFOs try to hide, CIOs try to understand and CSOs try to control.

Sarbanes-Oxley Act (n.) Legislation requiring public companies to establish internal controls that allow them to return their focus to reactionary, short-term, market-driven decision making.

Single Sign-On (n.) A process ensuring that one password gives hackers access to everything.

Social Engineering [To receive the definition of this term along with a free laptop and a 60” high-def TV, please e-mail your name, address, credit card # (for shipping and handling) and SSN to paranoid@cxo.com. It’s that easy!!!]

Spam (n.) The definition of “social engineering” e-mailed to 100 million of your friends.

VoIP (n.) A breakthrough aimed at bringing the insecurity and inconvenience of data networks to the phone system.

White hat (n.) A gray hat with a better PR firm.