Information Security Tech Terms, Defined

Have you ever noticed the way cyber-security terms can pile up in the middle of a sentence, like a multi-car accident? 

Each individual term may not be that opaque on its own, but when they are mashed up together, you just want to take a mental detour around the smashup. 

Example: a “botnet-fueled denial of service attack.”

It turns out that a glossary is just the right tool for untangling these pileups.

I discovered this after going through the 500+ terms in the Security vocabulary that has recently been added to the Acquia Glossary. The Acquia Glossary, you may remember from an earlier post, is an in-house, updated collection of relevant technology terms that all employees can easily reference via Slack. Last time, I looked at Digital Experience terms. This time: Security. 

The Acquia Glossary security content is owned and provided by the Acquia Information Security & Compliance team. This is helpful for everyone -- employees, partners and customers -- because you can use it to find the official definition of virtually any security term you encounter in Acquia policy/procedure documents, security awareness and training materials, customer conversations, pre-sales questionnaires or when working across teams. 

So in the example I cited at the beginning of this post, Acquians just have to Slack, “/glossary” followed by the terms “denial of service” and “botnet.” 

Then you get:

Botnet = A large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.

and

Denial of service =  The prevention of authorized access to a system resource or the delaying of system operations and functions.

Security-related glossary content also works for words you think you know what a phrase means as you speed-reading through a document, but then your confidence starts to wane when you have to dig deeper or need to include a highly-technical security concept  in a presentation. Suddenly your brain begins fogging up, and the difference between “audit,” “authentication” and “authorization” start to blend together. 

BTW:

• Audit is the process by which a subject area is independently reviewed and reported on by one or more competent auditors on behalf of stakeholders
• Authentication is the process of confirming the correctness of the claimed identity.
• Authorization is the approval, permission or empowerment for someone or something to do something.

Maybe you’ve got your “a” terms down, but later as you’re putting together a new slide deck, you start to wonder: Are we talking about password cracking, password sniffing, or better yet, protecting yourself from both by using Multi-Factor Authentication (MFA)? 

• Password cracking is the process of attempting to guess passwords, given the password file information.
• Password sniffing is passive wiretapping, usually on a local area network, to gain knowledge of passwords.
• Multi-Factor Authentication (MFA) is a sequence of steps using two or more different factors to achieve authentication. The three authentication factors are something you know, something you have, and something you are.

Also helpful: quick definitions for inscrutable frankenwords like “FedRAMP.”

“/glossary FedRAMP” in Slack brings up:

“The Federal Risk and Authorization Management Program, or FedRAMP, is a U.S. government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.”

“/glossary man-in-the-middle attack?

“In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.”

However you use it, the Acquia Glossary adds up to greater precision and less miscommunication. And that gets passed down from Acquia employees to customers and partners. 

Tune in next time when I plumb the Acquia Glossary terms defined by our financial department, which has helped educate all employees about terms related to budgeting, enabled non-financial members of the company to quickly Slack finance terms during meetings, made onboarding easier, and helped refresh the memories of employees who only deal with the budgeting cycle once a year.