A Dictionary of Information Security Terms, Abbreviations and Acronyms

  • Alan Calder, Steve G. Watkins
  • IT Governance
  • 2007

Get to grips with key ISO27000 and information security vocabulary with this indispensable, concise pocket guide!

Information security is of crucial importance to your business. If you don’t know the difference between a cookie and a worm, or between war-chalking and digital watermarking, you are sure to find this guide enlightening. The strength of the book is that it is a combined glossary, enabling you to find explanations of geek slang, procedural language and acronyms all in one place. The combined glossary is a revised edition of the popular A Dictionary of Information Security Terms, and this new edition has been able to draw on the definitions provided in ISO/IEC 27000:2009 – Security Techniques – Information security management systems – Overview and vocabulary.

What's new?

Further definitions are sourced from ISO/IEC Guide 73:2002 to provide you with authoritative explanations of those information security terms that are used across the ISO framework. The combined glossary has taken account of an important change on the information security scene, and contains some new acronyms and definitions from the Payment Card Industry Data Security Standard (PCI DSS).

Benefits to business include:

  • Understand what everyone else is talking about: The fact that you’re reading this suggests you take an interest in information security. Whether you work in business or in the public sector, it’s an issue that’s likely to come up. If you’re given a position paper to read on information security, or have to attend a briefing, you will want to form your own opinion, particularly when the discussion directly affects your company. Meekly accepting arguments you don’t understand is never a good idea, especially not when large sums of money are involved. With the clear, reliable definitions contained in this combined glossary, you can finally get to grips with the problem.
  • Understand what you’re talking about: Any modern organisation relies on its IT systems. Although IT may not be your speciality, cybercrime affects all of us. So, wherever you work, if you are in a position of responsibility, then at some point, you will need to form a view on information security and put your point across. You can use this combined glossary to bring your arguments into sharper focus. The pocket guide will prove invaluable not only to business executives but also to civil servants and lawyers, as well as to people working in financial services and the media.
  • Assist ISO implementation: If your company or department is introducing an information security management system (ISMS) as specified under ISO27001, then you can ensure that key personnel are up to speed on the issue of information security by giving them all a copy of this pocket guide.
  • Make better decisions: The bad guys are only ever a mouse-click away. If you care at all about the financial well-being of your company, you need to take action on information security. However, there is often a gap between management’s overall sense of its responsibilities regarding information security and the IT people whose technical skills are required to fulfil those obligations. This combined glossary will help your organisation to bridge that gap and to facilitate communication between managers and the IT department. The guide enables managers to grasp the key concepts of information security, thereby facilitating the planning and coordination that are essential for successful implementation of any major information security project.

So it makes sense to take information security seriously, even if you are not an expert on the subject. This rapidly evolving discipline has spawned a complex and bewildering vocabulary, and understanding the terms and language will stand you in good stead.

If you have ever felt confused by the language of information security, this pocket guide is for you. Designed for non-specialist managers and those who are new to the subject, it is a simple key to the mysteries of geek speak, created by two internationally recognised experts in the field of information security.

About the Authors

Alan Calder is the founder director of IT Governance Ltd. His long executive career has spanned both the private and public sectors. He writes, speaks and consults widely on IT governance, compliance and information security.

Steve G. Watkins leads the consultancy and training services of IT Governance Ltd. In his various roles in both the public and private sectors, he has been responsible for most support disciplines. He has over 20 years' experience of managing integrated management systems, including maintenance of information security, quality, environmental and Investor in People certifications.

In this Book

  • A Dictionary of Information Security Terms, Abbreviations and Acronyms
  • Introduction
  • Acceptable use policy — Awareness training
  • Back door — Byte
  • Cache — Cyber war
  • Data Encryption Standard (DES) — Dumpster diving
  • Eavesdropping — Extranet
  • FAST — FTP
  • Gateway — Guideline
  • Hackers — Human Rights Act 2000 (HRA)
  • Identity theft — IT governance
  • Java — Junk mail
  • Kerberos — Kilobyte
  • LAN — Logical
  • MAC — Multiple sign-on
  • NDA — NSSF
  • Objective evidence — OWASP
  • Packets — Public terminals
  • RADIUS — Router
  • SANS — System utilities
  • TACACS+ — Two-factor authentication
  • UKAS — User rights
  • Validation — Vulnerability scanning
  • WAN — WPA2
  • XML
  • Zero day exploit — Zombie
