Top 10 Security terms and phrases that really annoy the pants off me…..

1. “We’ll tidy the code up later…” – no, you won’t. (See ‘Service Pack’ below)

2. “We’ll do the security bit afterwards…” – and there goes Miss Piggy drag racing a Boeing 767.

3. Windoze – yes, I know that I have used it in the past, but I’ve grown up now. Don’t call people (or products) names just because you’ve got a shinier toy. It’s just not nice.

4. “What do you mean by ‘Security Architecture’?” – Security. Architecture. Security Architecture. How you architect security solutions and services to enable the organisation.

5. ‘Service Pack’ – AKA a very large number of bug fixes cobbled together with one or two very small utilities that avoid having to admit that the product went to market way before the testing was completed…..again.

6. IPS (Intrusion Prevention System) – by definition, it is not possible to prevent an intrusion, merely to respond to it.

7. ‘Secure’ email – so, a multi-hop, store and forward, non-guaranteed delivery mechanism based upon clear text that can be read by every systems administrator along the entire path is ‘secure’?

8. ‘Total security’ – and I can also sell you the Sydney Harbour Bridge……

9. ‘Augmented’ standard – should be read as ‘non-standards compliant vendor lock-in’
 
10. “…..just make it secure!” – Please define ‘secure’. Against which threats would you like it secured? And how much time / effort / money can I spend on it? And whilst we’re at it, what exactly are we securing, how valuable is it to you and anyone else, and for how long do we need to secure it? Tell me, have you ever heard of the phrase ‘Threat & Risk Assessment’ before?
