Have you ever wondered just what the jargon of information security specialists really means? What are all those arcane words they throw around to scare us into submission as they lock down our computers even tighter? “What do you mean, we can’t even install a screensaver now?! Can I at least use the bathroom without your permission?”
Unfortunately, there are a lot of dumb Information System Security Officers (ISSOs) at corporations and organizations. I’ve known a few myself. These are the folks that barely know what they’re talking about, and go by the latest article they read. Their reaction to a new piece of software is to lock down the system and disallow it even before they research it properly. Case in point: was Skype shut down at your place of business or at a friend’s workplace? That was a dumb ISSO in action. They also know so little that they simply throw words around, and anyone with a little knowledge of computers can tell when they mess up. “No, ROM is not RAM, and no, it’s not a 300 Gigabit hard drive, it’s a 300 Gigabyte hard drive.”
That’s why books like this Dictionary of Information Security really help. We can educate ourselves, and know when they’re wrong. We can tell when they’re BS-ing, and when they’re telling the truth. My experience has been that they BS for 80 percent of the time, and don’t know what they’re talking about for the other 20 percent. “No, RSS doesn’t stand for Really Scary Stuff, it stands for Really Simple Syndication. And yes, it’s okay for us to subscribe to RSS feeds. Really.” Or, “No, this is a perfectly harmless screensaver. It’s not a RAT (Remote Access Trojan). You’re a rat, for all I care.” I could go on and on…
I love this book. Robert Slade did a great job putting it together, and the terms are explained in language that anyone possessing a cursory knowledge of computers can understand. I’m amused by the forewords, acknowledgments and preface. They’re abnormally long for a book this small, but that’s to be expected. This is, after all, the first Dictionary of Information Security, and a precedent has to be established, so to speak. But once you get down to the terms, you forget about all of the beginning sections, because if knowledge is power, this book packs a wallop.
Get it, and read it. I know it’s hard to believe (after all, who’d read a dictionary?), but I’d read this one. And keep it around for reference. And when your ISSO gets on your nerves, start encrypting all your emails with PGP if he doesn’t stop scanning them. Or, if he doesn’t stop blocking access to your webmail account, set up a VPN connection to your home network and do all your web surfing through that. That’ll knock his SOCKS off! Let the fun begin!