Saturday, July 5, 2014

Misapplied Security Words

Came across a website the other day that got me to thinking about how we in security have a tendency of misapplying words.  This isn't meant to compete against the aforementioned website, but rather as a quick blog to set the record straight on what is the difference between terminologies.  BTW this isn't a pet peeve of mine.


Incidents vs Events (and the lessor associated term Alert)

  • Event - A captured change in an environment
  • Alert - Notification that specific event took place
  • Incident - An event that are may have caused a disruption in a significant way
Breaking it down.  An event is something you saw happen, you told others that it happen, and because of it, it ended up making you late for something important.


Breach vs Compromise

This is a tough one.  A simple Google search offers vague definitions that sent my head spinning. So, this is what I'm offering as a possible delineation of what each is suppose to represent.
  • Breach - An event that bypassed a set of security controls
  • Compromise - An incident that affected the confidentiality, integrity and possible the availability of informational assets
Breaking it down.  A breach of an company's security controls that permitted unauthorized persons to expose (confidentiality) and also change (integrity) (i.e., compromise) millions of its client's sensitive information.


URL vs URI

URL is a subset of URI. IMHO - Tomato, Tomatoe lets call it a day. When you actually read the RFC, its quite confusing.
  • URI is the entire address 
  • URL is the address