Explaining Computer Security Terms to Ordinary People

Technical jargon that security professionals use daily may be meaningless to non-IT people. A collaborative effort with SANS Institute defines commonly-used security terms like firewall, exploit, and patch in ways ordinary people can understand—essential for security awareness discussions.

When you spend much of your time working with information technology, it’s easy to forget that the terms we use on daily basis might not be meaningful to non-IT people. It’s often wise to stay clear of technical jargon when communicating with non-techies; however, it’s not possible to avoid all computer terminology. This is especially applicable when having security awareness discussions with non-security personnel.

With this in mind, I collaborated with Lance Spitzner and Ed Skoudis from SANS Institute to succinctly define the most commonly-used computer security terms in a way that could be understood by “ordinary” people. The list includes such terms as firewall, exploit, patch, etc. If you’d like to recommend other terms or have suggestions for tweaking the definitions, please let me know.

Along these lines—because I love the idea of defining terms—I cannot resist presenting some of the more specialized definitions that I formulated in the past on this blog:

Clickjacking is the practice of deceptively directing a website visitor’s clicks to an undesired element of another site.
Social networking is communicating while being mindful of relationships among people. This term is used in the context of the Internet to refer to online interactions using social networking websites such as Facebook, Twitter, LinkedIn, Google+, etc.
A honeypot is a decoy IT infrastructure component that is designed and deployed to be attacked. It can take the form of a system, a network or an application, and may be implemented as a real or emulated resource.
An exploit kit is a tool that automates the exploitation of vulnerabilities in the victim’s workstation or mobile device, usually targeting browsers and programs that a website can invoke through the browser.

About the Author

Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. As CISO at Axonius, he leads the security and IT program, focusing on trust and growth. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. Lenny shares his perspectives on security leadership and technology at zeltser.com.

Learn more →