The Devil’s Information Security Dictionary

Andrew Jaquith
Andrew Jaquith ∙ Managing Director, Markerbench
1 min read ∙ November 14, 2005

Just saw the very funny Devil’s InfoSec Dictionary on the CSO site. Of course, I had to add a few definitions of my own:

  • Blended threat: a hemlock smoothie
  • Process, Security Is A: a throw-away line that explains why security measurement is impossible
  • Risk management: a repeated process around the Hamster Wheel of Pain that vendors use to enumerate vulnerabilities you didn’t know you had, followed by serial remediation of same. See “remediation”
  • Remediation: furious arm-flapping and showy activity designed to convince bosses that something is actually being done about vulnerabilities identified by third parties
  • Spear phishing: a sport undertaken by illiterate anglers