Just saw the very funny Devil’s InfoSec Dictionary on the CSO site. Of course, I had to add a few definitions of my own:
- Blended threat: a hemlock smoothie
- Process, Security Is A: a throw-away line that explains why security measurement is impossible
- Risk management: a repeated process around the Hamster Wheel of Pain that vendors use to enumerate vulnerabilities you didn’t know you had, followed by serial remediation of same. See “remediation”
- Remediation: furious arm-flapping and showy activity designed to convince bosses that something is actually being done about vulnerabilities identified by third parties
- Spear phishing: a sport undertaken by illiterate anglers