New "inclusive" terminology on CompTIA exams
I just attended a CompTIA Instructor Network webinar on the new Security+ exam officially released this month. One thing that caught my attention was a slide illustrating changes that CompTIA has made in the terminology on all of its its exams to remove words that can be perceived in a racist or sexist context. Although these terms are by no means standard (NIST, etc.), it is important to learn and recognize these new terms when studying for any CompTIA exam going forward .
Black Hat = Unauthorized Hacker
Gray Hat = Semi-authorized Hacker
Whitelist = Allow list/Approved list
Blacklist = Block list/Deny list
White box = Known environments
Black box = Unknown environments
Grey box = Partially known environments
Mantrap = Access Control Vestibule
Demilitarized Zone (DMZ) = Screened subnet
Man-in-the-Middle/Man-in-the-Browser = On-path Attack
CompTIA's Inclusive Language
Deprecated Terminology = Updated Terminology
White Hat = Authorized HackerBlack Hat = Unauthorized Hacker
Gray Hat = Semi-authorized Hacker
Whitelist = Allow list/Approved list
Blacklist = Block list/Deny list
White box = Known environments
Black box = Unknown environments
Grey box = Partially known environments
Mantrap = Access Control Vestibule
Demilitarized Zone (DMZ) = Screened subnet
Man-in-the-Middle/Man-in-the-Browser = On-path Attack
Tagged:
Comments
-
cyberguypr Mod Posts: 6,928 ModVery nice. My company just went through the exercise of getting rid of the whitelist/blacklist, master/slave terminology.
-
JDMurray Admin Posts: 13,099 AdminI don't agree of their remapping of "Gray Hat." The "hats" have more to do with ethics than specifically authorization. I would have also remapped "Man-in-the-Middle/Man-in-the-Browser" to "Mid-point attack." An MitM attack can also be off-the-path but still in the middle, such as when using a tap or mirror port.
-
balance Member Posts: 244 ■■■■■□□□□□
Believe it or not around a month ago, I had a student (soldier) tell me during a security+ boot camp that “I was not allowed to use the term cracker or black hat". So, this inclusive terminology is creeping in quickly.
-
JDMurray Admin Posts: 13,099 Admin"cracker" This term has not had a racial context since the 1970's and was heard mostly on TV shows like "Sanford and Son."
-
tedjames Member Posts: 1,182 ■■■■■■■■□□JDMurray said:"cracker" This term has not had a racial context since the 1970's and was heard mostly on TV shows like "Sanford and Son."
Hey, I'm proud to be a cracker! I guess that the Black Hat security conference will have to change its name to the Unauthorized Hacker security conference (UnHack for short). Anybody going to UnHack 2021?
-
balance Member Posts: 244 ■■■■■□□□□□Yea I told the student that amazon was in a world of hurt because they have an entire category of food labeled "Crackers"
-
cyberguypr Mod Posts: 6,928 Modbalance said:Yea I told the student that amazon was in a world of hurt because they have an entire category of food labeled "Crackers"
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□Warning rant following.. maybe it is because I am a mid-40 white hetero man(and identifying as a man) from Canada(a country where social context is better than USA), but I find it a bit ridiculous all those terminology change just to not offend people(be it by race or sex gender/orientation). It's not because the word change that the wrong are corrected. Black is a valid color (as in color, not as in race). Master and slave hard drive does not imply human slavery. I think it is a way that Orwell's Newspeak is beginning to be implanted. I dont deny that society need to correct thing, that bad situation does not exist, but changing technology term won't change or do anything to change social inequality. End of rant
-
malachi1612 Member Posts: 430 ■■■■□□□□□□Knew this would happen
Certifications:MCSE: Cloud Platform and Infrastructure, MCSA: Windows Server 2016, ITIL Foundation, MCSA: Windows 10, MCP, Azure Fundamentals, Security+. -
bigdogz Member Posts: 881 ■■■■■■■■□□Without you getting into any trouble, what are your thoughts on this subject?IMHO... I think the list may change which would cause more confusion.
-
JDMurray Admin Posts: 13,099 AdminI think this is purely a marketing move. CompTIA has decided to "virtu-signal" by creating its own non-industry-standard terminology. CompTIA's leaders may think that they are helping to spearhead a formal change in IT industry terminology that is necessary to enact beneficial social change. Changing a few terms will do little to change how people think and act. I also think the greater demand to effect superficial social changes is only temporary and will loose significant momentum after next week--especially if there is a change in office.
-
bigdogz Member Posts: 881 ■■■■■■■■□□I would tend to agree with you with the exception of these changes being temporary unless they change for the sake of change.
-
malachi1612 Member Posts: 430 ■■■■□□□□□□Its change for the sake of change. I bet this was something they only thought about to implement a few weeks ago.Just leave it how it was, no one was complaining about the terminology.Certifications:MCSE: Cloud Platform and Infrastructure, MCSA: Windows Server 2016, ITIL Foundation, MCSA: Windows 10, MCP, Azure Fundamentals, Security+.
-
thomas_ Member Posts: 1,012 ■■■■■■■■□□How is DMZ a racist or sexist term? It’s a military term applied to IT.
The only way I can possibly think they’re related is if you think the military is inherently racist and sexist which at that point aren’t you being a bigot by applying a label to entire groups of people?
-
scaredoftests Mod Posts: 2,780 ModI know..a head scratcher..Never let your fear decide your fate....
-
JDMurray Admin Posts: 13,099 AdminConsider the possibility that CompTIA is not reacting to any specific external stimuli but is instead having its policies influences by a group of social justice warriors that are internal to their org. This very situation has become apparent at publishing organizations such as The New York Times, The Washing Post, Spotify, and even the Merriam-Webster online dictionary.
-
thomas_ Member Posts: 1,012 ■■■■■■■■□□Here are some terms they missed. I’m sure they’ll get them on the next pass:
-motherboard: not inclusive to fathers, women without children and men without children.
-male/female connector: not inclusive because it’s forcing stereotypical gender norms on people who may not identify with said norms.
-server farm: clearly the word “farm” is a euphemism for plantation and its use is a microagression towards people of color in Information Technology
/sarcasm -
tedjames Member Posts: 1,182 ■■■■■■■■□□For awhile there on InfoSec Twitter, especially after certain "police-related" events, several people were discussing the need to rename some of the above words in an attempt to be more politically correct.
-
E Double U Member Posts: 2,239 ■■■■■■■■■■This is one of my favorite threadsAlphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
NetworkSpoon Member Posts: 11 ■■■□□□□□□□I agree with the Sighs, cant wait for someone to Tech-Shame me for using the wrong term....
-
p-coder Member Posts: 21 ■■■□□□□□□□
tedjames said:
Hey, I'm proud to be a cracker!This term is not used as much anymore, but it still has a derogatory meaning. Wikipedia says, "Cracker, sometimes white cracker or cracka, is an ethnic slur directed towards white people, used especially against poor rural whites in the Southern United States." I guess the modern equivalent would be something like "white trash." See Wikipedia: https://en.wikipedia.org/wiki/Cracker_(term)tedjames said:For awhile there on InfoSec Twitter, especially after certain "police-related" events, several people were discussing the need to rename some of the above words in an attempt to be more politically correct.I do not think that the issue is really about being politically correct. Because the original terms do not offend people in the position of w**** p********, it is more relevant to talk to friends and family members who have experienced a lot of racism in their lives and see how they feel about terms in technology like "master" and "slave".
-
thomas_ Member Posts: 1,012 ■■■■■■■■□□No, the issue usn’t about being politically correct. It’s about playing identity politics. It’s about forcing ideology down someone’s throat and then “cancelling” anyone who dares to vocalize that some of the things they are suggesting is ridiculous.
Unfortunately, the word “racism” and “racist” have been abused and misused so much they’re starting to lose their meaning. People weaponizing the word racist and using it to label someone who simply has different political opinions than themselves really devalues the word and makes it hard for people to take claims of racism serious.
-
JDMurray Admin Posts: 13,099 AdminMany organizations have decided to make socially-sensitive changes, both internally and externally, to avoid unjustified negative public relations reactions (e.g., "cancellation"). These changes usually do not produce specific, measurable results, but are simply meant to superficially appease a very narrow segment of the consumer market.
@thomas_ , you should make it explicitly clear that you do not believe that CompTIA is playing identity politics, and is likely attempting to avoid the negative targeting of its customers, potential customers, advertisers, and stakeholders from the intolerant actions of the "woke culture."