Explaining Computer Security Terms to Ordinary People

When you spend much of your time working with information technology, it’s easy to forget that the terms we use on a daily basis might not be meaningful to non-IT people. It’s often wise to stay clear of technical jargon when communicating with non-techies; however, it’s not possible to avoid all computer terminology. This is especially applicable when having security awareness discussions with non-security personnel.

With this in mind, I collaborated with Lance Spitzner and Ed Skoudis from SANS Institute to succinctly define the most commonly-used computer security terms in a way that could be understood by “ordinary” people. The list includes such terms as firewall, exploit, patch, etc. If you’d like to recommend other terms or have suggestions for tweaking the definitions, please let me know.

Along these lines—because I love the idea of defining terms—I cannot resist presenting some of the more specialized definitions that I formulated in the past on this blog:

  • Clickjacking is the practice of deceptively directing a website visitor’s clicks to an undesired element of another site.
  • Social networking is communicating while being mindful of relationships among people. This term is used in the context of the Internet to refer to online interactions using social networking websites such as Facebook, Twitter, LinkedIn, Google+, etc.
  • A honeypot is a decoy IT infrastructure component that is designed and deployed to be attacked. It can take the form of a system, a network or an application, and may be implemented as a real or emulated resource.
  • An exploit kit is a tool that automates the exploitation of vulnerabilities in the victim’s workstation or mobile device, usually targeting browsers and programs that a website can invoke through the browser.

Lenny Zeltser


About the Author

Lenny Zeltser develops teams, solutions, and programs that use information security to achieve business results. Over the past two decades, Lenny has been leading efforts to establish resilient security practices and solve hard security problems. As a respected author and speaker, he has been advancing cybersecurity tradecraft and contributing to the community. His insights build upon 20 years of real-world experiences, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.
