A discussion-based exercise in which a team and a facilitator run through a hypothetical scenario to test an organization’s incident response. Sometimes informally abbreviated to TTX or TTE.
Entering a secure area by tagging along with someone who has proper credentials.
The last 10 lines of a file. It can be requested through the Unix command
Also hone or refine, when referring to attacks or payloads.
In Kubernetes and Terraform, a taint is a resource that is corrupt and needs some form of remediation. Explain on first use and use with caution.
Ex: An attacker could take over the system. The attack resulted in complete system takeover.
.tar file. Informal; do not use in formal writing.
Time And Relative Dimension In Space. The fictional police box-shaped spacecraft and time machine used in Doctor Who. It’s bigger on the inside.
The deliberate slowdown of a network to contain or deter an attack.
A Bishop Fox tool that can copy RFID credentials up to three feet away.
Terabyte. No space between the number and unit, as in “50TB.” Do not pluralize TB.
Transmission Control Protocol/Internet Protocol. Wired Style calls it “the mother tongue of the internet.” Pronounced as letters. Do not spell out.
Short for technology, entertainment, and design. Global knowledge conferences. Pronounced as “ted” and “ted-X.” Do not spell out.
Trusted Execution Environment. A secure area on a processor that is used to execute sensitive code.
To end or close, as in a program.
Use singular they. As with all language, be mindful of possible clarity issues.
A computer that provides rich functionality independent of the server. Also used to describe applications that run on a user’s machine and do not rely heavily on server communications. Also called a fat client; don’t use “fat client” in formal writing.
The opposite of a thick client. A computer that primarily depends on a server for computing within a larger infrastructure. Can refer to a web application.
An external party (like a vendor) that exists outside of the company-user relationship.
An annual security conference in Chicago.
Security threat categories include competitor, hacktivist, insider, dealer, nation-state, and third-party integrator.
A process of identifying threats and relevant mitigations. This can vary from an informal phase of any assessment to a formal service that analyzes a given system.
Written by Isaac Asimov. “1: A robot may not injure a human being or, through inaction, allow a human being to come to harm. 2: A robot must obey orders given to it by human beings except where such orders would conflict with the First Law. 3: A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.”
The total amount of data transmitted over a link per unit of time.
When the code throws an error, it announces that something is wrong that the code cannot fix. Thrown errors can be “caught” by other portions of code.
A Java class encompassing all errors and exceptions.
“Today I learned.” Pronounced as “till,” “teel,” the whole phrase, or as letters. Informal.
Tilde is the [ ~ ] character used in coding and in the Spanish letter ñ.
Include the time zone if referring to a testing window or specific event. Avoid using military (24-hour) time unless relevant to the context.
Ex: EST, PDT, GMT
Titles of books, movies, podcasts, TV shows, and video games do not often appear in our formal writing. When they do, we write them in title case, as in Snow Crash. If the title does not stand out on its own, add quotation marks, as in the dystopian novel “We” or the video game “E.T.”
Temporal Key Integrity Protocol. An encryption protocol. Do not spell out.
Three-letter agency. Refers to government agencies like the CIA, FBI, and NSA. Informal.
“Too long; didn’t read.” Pronounced as letters. Informal.
Transport Layer Security. The replacement for Secure Sockets Layer (SSL). Do not spell out unless defining the term.
Time of check to time of use. A software issue that occurs between checking a condition and using the results of the check. Pronounced as “tock-too.”
Trust on first use. An authentication scheme. Pronounced like tofu. Spell out on first use.
When discussing a type of token, use the normal style, as in “OAuth bearer token.” If it’s a specific token, use the tech font for its name, as in “
A set of software tools.
A privacy-focused web browser. Originally short for The Onion Router. Do not write as TOR. Do not spell out.
A hexalobular screwdriver head shape.
Time-based One-time Password. An algorithm. Pronounced as letters. Spell out on first use.
A genre of games in which the player builds defenses to survive wave after wave of enemy attackers.
Technical point of contact. Pronounced as “tee-pock” or the whole phrase. Spell out on first use.
A comic book series that follows the journalist Spider Jerusalem through a dystopian future city.
Do not use this term. Use institutional knowledge or in-house knowledge instead.
OK in social engineering engagements. Also consider coerce, force, manipulate, or prompt.
A defensive security monitoring tool made by a company of the same name.
If describing an easy-to-bypass security measure, choose a more descriptive word like insignificant, unsophisticated, or easily overcome. OK in the phrase “Although non-trivial to implement…”
Malware that masquerades as something legitimate.
Hateful or intentionally ignorant behavior that intends to cause strong reactions and waste time. Don’t feed the trolls.
An open source search tool.
A property of data types whereby non-Boolean values can be evaluated as Booleans in some programming languages. For example, any non-empty string is considered True in Python.
Telecommunications service provider or Telecommunications Service Priority, an FCC emergency program. Spell out on first use to clarify your intended meaning.
A SQL language extension. Pronounced as “tee-sequel.”
Time to detection. Pronounced as letters. Spell out on first use.
Tactics, techniques, and procedures. Used during threat modeling exercises. Spell out on first use.
A series of questions used to determine whether a subject is capable of human-like thinking.
A hacking group also known as Snake or Uroburos.
A livestreaming video platform.
A microblogging website. Our account is