As a new IT or Security pro, you’ll drink from a firehose for a while. Even experienced pros and managers may get tripped up by the huge amount of information and terms. No need to worry; we’ll go over a few definitions of weird-sounding security terms.
You may attend two whole security meetings, whether conferences or lunch meetings before you start hearing some of the terms below.
I tend to be a bit tongue-in-cheek in my writing, but I know there is nothing inherently wrong with these terms or the pros who use them. It’s simply good for everyone to get on the same page, regardless of which security job you choose.
Table of Contents
Technical Terms
Egress
- Definition: Egress is the action of going out of or leaving a place.
- Potential Usage: Means of egress or egress of the area. Mostly used in network terminology.
- Security Context: To steal data.
- Similar Term: Ingress, going in or entering. Again, mostly used in networking but some security pros want you to know they know these types of words.
Kill Chain
- Definition: The kill chain is a military concept that relates to phases of taking care of a target or an objective.
- Potential Usage: Where you are along the cyber kill chain. Mostly used in cyber to describe a cyber attack lifecycle.
- Security Context: To help identify and prevent intrusions.
- Similar Term: Data breaches. As an Infosec professional, get used to talking about this. Varonis has a pretty circular chart to help illustrate this concept.
DMZ
- Definition: DMZ stands for demilitarized zone, where military operations are prohibited.
- Potential Usage: Services provided to external users will be placed in the DMZ, which is mostly used in network terminology to describe a perimeter network.
- Security Context: No difference.
- Similar Term: This is not applicable. Get used to worrying about actors pivoting from servers or network infrastructure devices in the DMZ. Yes, you can get a handle on it, but the threat is always there.
Polymorphic
- Definition: Polymorphic describes something that occurs in several different forms.
- Potential Usage: Polymorphic code uses an engine to change each time it runs while keeping the original algorithm intact. It is mostly used to describe a feature of a programming language.
- Security Context: Technique to help hide malicious code and beat antivirus engines.
- Similar Term: Metamorphic code used by some viruses when they are about to infect new files. Has the potential to infect executables cross-platform.
Obfuscate
- Definition: Obfuscate is to render something unclear.
- Potential Usage: Obfuscation to anonymize data to cyber attackers. Mostly used to refer to various techniques to mask or hide data.
- Security Context: To hide, scramble, or confuse layers or data sets.
- Similar Term: Security through obscurity, reliance on how something is designed, and keeping that information close to relevant people. Individually, it’s a good practice so long that other protections are in place. Basing your entire security program on obscurity is a train wreck waiting to happen.
Pseudonymization
- Definition: Pseudonymization is a data management and de-identification procedure.
- Potential Usage: Pseudonymization can substitute an identity with a random token. Mostly used in data privacy.
- Security Context: To “mask” data with a pseudonym. This process is reversible with additional information.
- Similar Term: Anonymization, permanent removal of identifiable data. Unfortunately, you’re not out of the woods just yet. With enough anonymous data, an entire profile can be crafted on an identity.
Administrative or Policy Terms
Note: Added this section from previous notes taken in 2015 on 11/10/17.
Ex Officio
- Definition: Ex officio describes one’s virtue of position or status.
- Potential Usage: She is an ex officio member of the steering committee.
Insofar
- Definition: Insofar refers to the extent or degree of a process.
- Potential Usage: We will secure information from passersby insofar as we can.
Promulgate
- Definition: To promulgate is to promote or make widely known. This can be as simple as an idea or a way to further a cause. It can also be a declaration of law or an administrative process put into effect by an official proclamation.
- Potential Usage: It’s important to designate responsibility to a group to establish and promulgate procedures for disseminating a security policy.
Commensurate
- Definition: Commensurate refers to the size or degree of something in proportion to related outcomes.
- Potential Usage: We will secure information commensurate with the potential to do damage.
Do you have any security terms that get thrown around a lot that should be included in this list?
Sound off in the comments below. Thanks for reading, and be safe out there.