As a new IT or Security pro, you’re going to be drinking from a firehose for a while. Even experience pros and managers may get tripped up by the huge amount of information and terms. No need to worry, we’ll go over a few definitions to weird sounding security terms.
You may make it to 2 whole security meetings, whether they be conferences or lunch meetings, before you start hearing some of the terms below.
I tend to be a bit tongue in cheek in my writing but know there are nothing inherently wrong with these terms or the pros who say them. It’s simply good for everyone to get on the same page.
- Definition: Egress is the action of going out of or leaving a place.
- Potential Usage: Means of egress or egress the area. Mostly used in network terminology.
- Security Context: To steal data.
- Similar Term: Ingress, going in or entering. Again, mostly used in networking but some security pros want you to know they know these types of words.
- Definition: The kill chain is a military concept that relates to phases of taking care of a target or an objective.
- Potential Usage: Where you are along the cyber kill chain. Mostly used in cyber to describe a cyber attack lifecycle.
- Security Context: To help identify and prevent intrusions.
- Similar Term: Data breaches, as an Infosec professional, get used to talking about this. Varonis has a pretty circular chart to help illustrate this concept.
- Definition: DMZ stands for demilitarized zone, a place where military operations are not permitted.
- Potential Usage: Services provided to external users will be placed in the DMZ. Mostly used in network terminology to describe a perimeter network.
- Security Context: No difference.
- Similar Term: Not applicable, get used to worrying about actors pivoting from servers or network infrastructure devices in the DMZ. Yes, you can get a handle on it but the threat is always there.
- Definition: Polymorphic is used to describe something that occurs in several different forms.
- Potential Usage: Polymorphic code uses an engine to change each time it runs while keeping the original algorithm intact. Mostly used in describing a feature of a programming language.
- Security Context: Technique to help hide malicious code and beat antivirus engines.
- Similar Term: Metamorphic, code used by some viruses when they are about to infect new files. Has the potential to infect executables cross-platform.
- Definition: Obfuscate is to render something unclear.
- Potential Usage: Obfuscation to anonymize data to cyber attackers. Mostly used to refer to a variety of techniques to mask or hide data.
- Security Context: To hide, scramble, or confuse layers or sets of data.
- Similar Term: Security through obscurity, reliance on how something is designed and keeping that information close to relevant people. Individually, it’s a good practice so long that there are other protections in place. Basing your entire security program on obscurity is a train wreck waiting to happen.
- Definition: Pseudonymization is a data management and de-identification procedure.
- Potential Usage: Pseudonymization can substitute an identity with a random token. Mostly used in data privacy.
- Security Context: To “mask” data with a pseudonym. This process is reversible with additional information.
- Similar Term: Anonymization, permanent removal of identifiable data. Unfortunately you’re not out of the woods just yet. With enough anonymous data, an entire profile can be crafted on an identity.
Administrative or Policy Terms
Note: Added this section from previous notes taken in 2015 on 11/10/17.
- Definition: Ex officio describes one’s virtue of position or status.
- Potential Usage: She is an ex officio member of the steering committee.
- Definition: Insofar refers to the extent or degree of a process.
- Potential Usage: We will secure information from passersby insofar as we can.
- Definition: To promulgate is to promote or make widely known. This can be as simple as an idea or a way to further a cause. It can also be a declaration of law or administrative process that is put into effect by official proclamation.
- Potential Usage: It’s important to designate responsibility to a group in order to establish and promulgate procedures for the dissemination of a security policy.
- Definition: Commensurate refers to the size or degree of something, in proportion to related outcomes.
- Potential Usage: We will secure information commensurate with the potential to do damage.
Do you have any security terms that get thrown around a lot that should be included in this list?
Sound off in the comments below. Thanks for reading and be safe out there.