🔒 Security

The Infosec Phrasebook

nesbitt.io · 2026-06-01 · excerpt

A humorous "infosec phrasebook" that pokes fun at the security industry's terminology. Each term (defense in depth, zero trust, threat model, and so on) is glossed with what it usually means in practice, and the piece closes on the prefix "cyber", contrasting its current official usage with what the word meant in early-internet chatrooms. The tone is the security community's familiar self-mockery about its own proliferating jargon.

Andrew Nesbitt

Spend enough time around security people and you pick up a second vocabulary. It has a faintly military air and a noticeable per-syllable markup on vendor invoices.

Defense in depth: coding.

Zero trust: auth.

Least privilege: the permissions you forgot to grant.

Attack surface: your code.

Blast radius: everyone else’s code.

Hardening: turning things off.

Air gap: a USB stick.

Shift left: make it the developer’s problem.

Threat model: a Google Doc.

Tabletop exercise: a meeting about the Google Doc.

Compensating control: we didn’t fix it.

Risk acceptance: we didn’t fix it, in writing.

Remediation: a Jira epic.

Assume breach: we got breached.

CVE: curriculum vitae enhancement.

CVSS 9.8: please answer the phone.

Lateral movement: ssh.

Exfiltration: curl.

Supply chain security: running npm install, nervously.

Security posture: vibes.

Then there’s cyber, which gets prefixed to all of the above and increasingly used on its own. Cyber risk, cyber hygiene, cyber resilience, Cyber Essentials, “I work in cyber”. I have been on the internet long enough to remember when cyber was a verb, and what it meant when a stranger in an AOL chatroom asked if you wanted to. I cannot watch a minister say it into a microphone without that association firing, and at this point I’ve stopped expecting it to fade.
