The media loves to hype up cybersecurity, and they often confuse the terms. Here's a simple way to explain and understand what those cyber security terms really mean.
A group of hackers and cyber security professionals were annoyed by the media’s misuse of terms, and out rolled this Twitter thread by Casey Ellis.
Imagine cyber security as a bar fight…
threat actor = someone who wants to punch you in the face
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face
acceptable risk = your willingness to be punched in the face
compliance = how you think this all works until you’ve been punched in the face
attack surface = the size and shape of your face
threat intelligence = the collection of photos of ppl who aren’t allowed into the pub because of the time they punched someone in the face
risk posture = whether you know that talking shit in a pub is likely to get you punched in the face or not
exploit = the fist
asymmetric threat = studying this entire thread then getting kicked in the crotch
cyberrisk insurance = your mates at the pub betting on if you can “talk that kinda shit” and not get punched in the face
DEFCON presentation = all of your friends getting drunk in Las Vegas watching video of you being punched in the face
Patch Tuesday = your weekly gym visit
Air gap = avoiding the pub by staying at home (or) air gap = standing more than an arm’s length from a threat actor
Side channel = your wallet being nicked whilst you are being punched in the face
The rest of the thread is really useful for seeing how different people debate or refine the concepts. It’s well worth a read.
What about our cyber security services?
Security for schools and small to medium businesses is one of the main things we do at the Flywheel companies. Call or email us to get a review done of your systems now.