Explaining Computer Security Terms to Ordinary People

When you spend much of your time working with information technology, it’s easy to forget that the terms we use on a daily basis might not be meaningful to non-IT people. It’s often wise to steer clear of technical jargon when communicating with non-techies; however, it’s not possible to avoid all computer terminology. This is especially true when having security awareness discussions with non-security personnel.

With this in mind, I collaborated with Lance Spitzner and Ed Skoudis from SANS Institute to succinctly define the most commonly-used computer security terms in a way that could be understood by “ordinary” people. The list includes such terms as firewall, exploit, patch, etc. If you’d like to recommend other terms or have suggestions for tweaking the definitions, please let me know.

Along these lines—because I love the idea of defining terms—I cannot resist presenting some of the more specialized definitions that I formulated in the past on this blog:

  • Clickjacking is the practice of deceptively directing a website visitor’s clicks to an undesired element of another site.
  • Social networking is communicating while being mindful of relationships among people. This term is used in the context of the Internet to refer to online interactions using social networking websites such as Facebook, Twitter, LinkedIn, Google+, etc.
  • A honeypot is a decoy IT infrastructure component that is designed and deployed to be attacked. It can take the form of a system, a network or an application, and may be implemented as a real or emulated resource.
  • An exploit kit is a tool that automates the exploitation of vulnerabilities in the victim’s workstation or mobile device, usually targeting browsers and programs that a website can invoke through the browser.

Lenny Zeltser


About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.