Explaining Computer Security Terms to Ordinary People

When you spend much of your time working with information technology, it’s easy to forget that the terms we use on daily basis might not be meaningful to non-IT people. It’s often wise to stay clear of technical jargon when communicating with non-techies; however, it’s not possible to avoid all computer terminology. This is especially applicable when having security awareness discussions with non-security personnel.

With this in mind, I collaborated with Lance Spitzner and Ed Skoudis from SANS Institute to succinctly define the most commonly-used computer security terms in a way that could be understood by “ordinary” people. The list includes such terms as firewall, exploit, patch, etc. If you’d like to recommend other terms or have suggestions for tweaking the definitions, please let me know.

Along these lines—because I love the idea of defining terms—I cannot resist presenting some of the more specialized definitions that I formulated in the past on this blog:

  • Clickjacking is the practice of deceptively directing a website visitor’s clicks to an undesired element of another site.
  • Social networking is communicating while being mindful of relationships among people. This term is used in the context of the Internet to refer to online interactions using social networking websites such as Facebook, Twitter, LinkedIn, Google+, etc.
  • A honeypot is a decoy IT infrastructure component that is designed and deployed to be attacked. It can take the form of a system, a network or an application, and may be implemented as a real or emulated resource.
  • An exploit kit is a tool that automates the exploitation of vulnerabilities in the victim’s workstation or mobile device, usually targeting browsers and programs that a website can invoke through the browser. 

Lenny Zeltser


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more