The Devil's Infosec Dictionary

24/7 (adj.): The window of time in which systems are most vulnerable to attack

Access Control List (ACL): The operating system file that gives users access to files and programs they have no good reason to access

Analyst, security: A mercenary paid vast sums of money to tell you that your systems can't be secured

Back door: A hacker's front door

Backup: A process you don't need until you don't do it

BC/DR (Business Continuity/Disaster Recovery Planning): An alternate spelling for "CISO"

Biometrics: Strong authentication mechanism that streamlines insider attacks

Bot: See "Zombie"

Business case: A creative writing project, the quality of which is directly proportional to your security budget

Client/server: Two types of easily hacked computers

Clean desk policy: What document users admit to ignoring during your intellectual property theft investigation

Confidentiality, integrity and availability: The three great myths of the Internet Age

Crackers: Hackers

Cryptography: The science of applying a complex set of mathematical algorithms to sensitive data with the aim of making Bruce Schneier exceedingly rich

Cybercrime: Crime

Distributed Denial of Service (DDoS): See "Bot"

Downtime: Refers to computer systems' natural state; the opposite of anticipated downtime

E-Commerce: A historical fad from the late '90s meant to generate hundreds of billions of dollars in new profits; the inciting factor that generated hundreds of billions of dollars being spent on security products

Firewalls: Speed bumps

Hackers: Self-righteous crackers

Help desk: A place where rude people read instruction manuals to confused people over the phone, for a fee

Identity theft: The transfer of your personally identifying information from corporations that want to exploit it to hackers who want to exploit it

Intrusion Detection Systems (IDS): Log file generators

JOOTT ("jute") (adj.): Acronym for Just One Of Those Things; the primary explanation for most information security problems

Laptop: A computer designed to allow employees to easily store vast amounts of customer data in the backseat of a taxicab

Logging: The practice of filling shelves with printouts

Logical security: A goal; also, an oxymoron

Mission critical (adj.): Term used to help hackers identify their targets

Non-repudiation: The opposite of repudiation; repudiation, only not

O.S. hardening: An attempt to secure your operating system against the next hack by closing the hole used by the previous one

Passwords: Authentication tool that, when properly implemented, drives growth at the help desk

Patching: A mandatory fool's errand

Pharming and phishing: Ways to obtain phood

PKI (Public-Key Infrastructure): A system designed to transfer all of the complexities of strong authentication onto end users

Regression testing: The process by which you learn how the patches that fixed your system also broke your system

Road warriors: Traveling employees responsible for delivering malicious code back to headquarters

Scope creep: Stage three of the standard software development model

Security administrator: Firefighter

Security officer: Fall guy

Total Cost of Ownership (TCO): In security, an incalculable number always equal to or greater than the budget

Upgrade: The process by which you introduce new vulnerabilities into software

Virus: Sort of like a worm, but not exactly

Worm: Similar to a virus, but different

Zombie: See "Distributed Denial of Service"