24/7
adj. The window of time in which systems are most vulnerable to attack
Access Control List (ACL)
The operating system file that gives users access to files and programs they have no good reason to access
Analyst, security
A mercenary paid vast sums of money to tell you that your systems can't be secured
Back door
A hacker's front door
Backup
A process you don't need until you don't do it
BC/DR (Business Continuity/Disaster Recovery Planning)
An alternate spelling for "CISO"
Biometrics
Strong authentication mechanism that streamlines insider attacks
Bot
See "Zombie"
Business case
A creative writing project, the quality of which is directly proportional to your security budget
Client/server
Two types of easily hacked computers
Clean desk policy
What document users admit to ignoring during your intellectual property theft investigation
Confidentiality, integrity and availability
The three great myths of the Internet Age
Crackers
Hackers
Cryptography
The science of applying a complex set of mathematical algorithms to sensitive data with the aim of making Bruce Schneier exceedingly rich
Cybercrime
Crime
Distributed Denial of Service (DDoS)
See "Bot"
Downtime
Refers to computer systems' natural state; the opposite of anticipated downtime
E-Commerce
A historical fad from the late '90s meant to generate hundreds of billions of dollars in new profits; the inciting factor that generated hundreds of billions of dollars being spent on security products
Firewalls
Speed bumps
Hackers
Self-righteous crackers
Help desk
A place where rude people read instruction manuals to confused people over the phone, for a fee
Identity theft
The transfer of your personally identifying information from corporations that want to exploit it to hackers who want to exploit it
Intrusion Detection Systems (IDS)
Log file generators
JOOTT ("jute")
adj. Acronym for Just One Of Those Things; the primary explanation for most information security problems
Laptop
A computer designed to allow employees to easily store vast amounts of customer data in the backseat of a taxicab
Logging
The practice of filling shelves with printouts
Logical security
A goal; also, an oxymoron
Mission critical
adj. Term used to help hackers identify their targets
Non-repudiation
The opposite of repudiation; repudiation, only not
O.S. hardening
An attempt to secure your operating system against the next hack by closing the hole used by the previous one
Passwords
Authentication tool that, when properly implemented, drives growth at the help desk
Patching
A mandatory fool's errand
Pharming and phishing
Ways to obtain phood
PKI (Public-Key Infrastructure)
A system designed to transfer all of the complexities of strong authentication onto end users
Regression testing
The process by which you learn how the patches that fixed your system also broke your system
Road warriors
Traveling employees responsible for delivering malicious code back to headquarters
Scope creep
Stage three of the standard software development model
Security administrator
Firefighter
Security officer
Fall guy
Total Cost of Ownership (TCO)
In security, an incalculable number always equal to or greater than the budget
Upgrade
The process by which you introduce new vulnerabilities into software
Virus
Sort of like a worm, but not exactly
Worm
Similar to a virus, but different
Zombie
See "Distributed Denial of Service"