New "inclusive" terminology on CompTIA exams

JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+Surf City, USAAdmin Posts: 11,944 Admin
I just attended a CompTIA Instructor Network webinar on the new Security+ exam officially released this month. One thing that caught my attention was a slide illustrating changes that CompTIA has made in the terminology on all of its exams to remove words that can be perceived in a racist or sexist context. Although these terms are by no means standard (NIST, etc.), it is important to learn and recognize these new terms when studying for any CompTIA exam going forward.

CompTIA's Inclusive Language

Deprecated Terminology = Updated Terminology

White Hat = Authorized Hacker
Black Hat = Unauthorized Hacker
Gray Hat = Semi-authorized Hacker
Whitelist = Allow list/Approved list
Blacklist = Block list/Deny list
White box = Known environments
Black box = Unknown environments
Grey box = Partially known environments
Mantrap = Access Control Vestibule
Demilitarized Zone (DMZ) = Screened subnet
Man-in-the-Middle/Man-in-the-Browser = On-path Attack

Comments

  • balancebalance MBA,CISM,CISA,CRISC,CISSP,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 142 ■■■■□□□□□□
  • bigdogzbigdogz Member Posts: 873 ■■■■■■■■□□
    Thank you for the update.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,912 Mod
    Very nice. My company just went through the exercise of getting rid of the whitelist/blacklist, master/slave terminology.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,944 Admin
    I don't agree with their remapping of "Gray Hat." The "hats" have more to do with ethics than specifically authorization. I would have also remapped "Man-in-the-Middle/Man-in-the-Browser" to "Mid-point attack." An MitM attack can also be off-the-path but still in the middle, such as when using a tap or mirror port.
  • itdeptitdept A+, S+, L+, LPIC1, CCNA, CCP, ITIL Registered Users Posts: 199 ■■■■□□□□□□
  • bigdogzbigdogz Member Posts: 873 ■■■■■■■■□□
    itdept said:
    sigh.....

    That's not on the inclusive list :D
  • balancebalance MBA,CISM,CISA,CRISC,CISSP,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 142 ■■■■□□□□□□

    Believe it or not, around a month ago, I had a student (soldier) tell me during a Security+ boot camp that "I was not allowed to use the term cracker or black hat". So, this inclusive terminology is creeping in quickly.

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,944 Admin
    "cracker"  :#  This term has not had a racial context since the 1970's and was heard mostly on TV shows like "Sanford and Son."
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,174 ■■■■■■■■□□
    JDMurray said:
    "cracker"  :#  This term has not had a racial context since the 1970's and was heard mostly on TV shows like "Sanford and Son."

    Hey, I'm proud to be a cracker! I guess that the Black Hat security conference will have to change its name to the Unauthorized Hacker security conference (UnHack for short). Anybody going to UnHack 2021?
  • balancebalance MBA,CISM,CISA,CRISC,CISSP,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 142 ■■■■□□□□□□
    Yea, I told the student that Amazon was in a world of hurt because they have an entire category of food labeled "Crackers"
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,912 Mod
    balance said:
    Yea, I told the student that Amazon was in a world of hurt because they have an entire category of food labeled "Crackers"
    The rumor is the category will be relabeled as "Thin, dry, and crispy baked biscuit" :D
  • SteveLavoieSteveLavoie Member Posts: 899 ■■■■■■■■□□
    edited October 30
    Warning: rant following... Maybe it is because I am a mid-40s white hetero man (and identifying as a man) from Canada (a country where social context is better than USA), but I find it a bit ridiculous, all those terminology changes just to not offend people (be it by race or sex gender/orientation). It's not because the words change that the wrongs are corrected. Black is a valid color (as in color, not as in race). Master and slave hard drive does not imply human slavery. I think it is a way that Orwell's Newspeak is beginning to be implanted. I don't deny that society needs to correct things, that bad situations do not exist, but changing technology terms won't change or do anything to change social inequality. End of rant.
  • scaredoftestsscaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind youMod Posts: 2,764 Mod
    <sigh>
    Never let your fear decide your fate....
  • malachi1612malachi1612 Senior Member SwitzerlandMember Posts: 426 ■■■■□□□□□□
    Knew this would happen
    Certifications:
    MCSE: Cloud Platform and Infrastructure, MCSA: Windows Server 2016, ITIL Foundation, MCSA: Windows 10, MCP, Azure Fundamentals.

  • bigdogzbigdogz Member Posts: 873 ■■■■■■■■□□
    edited October 30
    Without you getting into any trouble, what are your thoughts on this subject?

    IMHO... I think the list may change which would cause more confusion.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,944 Admin
    I think this is purely a marketing move. CompTIA has decided to "virtue-signal" by creating its own non-industry-standard terminology. CompTIA's leaders may think that they are helping to spearhead a formal change in IT industry terminology that is necessary to enact beneficial social change. Changing a few terms will do little to change how people think and act. I also think the greater demand to effect superficial social changes is only temporary and will lose significant momentum after next week--especially if there is a change in office.
  • bigdogzbigdogz Member Posts: 873 ■■■■■■■■□□
    I would tend to agree with you with the exception of these changes being temporary unless they change for the sake of change.
  • malachi1612malachi1612 Senior Member SwitzerlandMember Posts: 426 ■■■■□□□□□□
    It's change for the sake of change. I bet this was something they only thought about to implement a few weeks ago.

    Just leave it how it was, no one was complaining about the terminology.
    Certifications:
    MCSE: Cloud Platform and Infrastructure, MCSA: Windows Server 2016, ITIL Foundation, MCSA: Windows 10, MCP, Azure Fundamentals.

  • thomas_thomas_ CompTIA N+/S+/L+ CCNA R&S CCNP R&S/Enterprise/Collab Member Posts: 959 ■■■■■■■□□□
    How is DMZ a racist or sexist term?  It’s a military term applied to IT.  

    The only way I can possibly think they’re related is if you think the military is inherently racist and sexist which at that point aren’t you being a bigot by applying a label to entire groups of people?

  • scaredoftestsscaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind youMod Posts: 2,764 Mod
    I know..a head scratcher..  ;)
    Never let your fear decide your fate....
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,944 Admin
    Consider the possibility that CompTIA is not reacting to any specific external stimuli but is instead having its policies influenced by a group of social justice warriors that are internal to their org. This very situation has become apparent at publishing organizations such as The New York Times, The Washington Post, Spotify, and even the Merriam-Webster online dictionary.
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,174 ■■■■■■■■□□
    For a while there on InfoSec Twitter, especially after certain "police-related" events, several people were discussing the need to rename some of the above words in an attempt to be more politically correct.
  • E Double UE Double U Member Posts: 1,788 ■■■■■■■■■□
    This is one of my favorite threads  :)
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, Azure Security Engineer Associate, ITIL 4 Foundation, and more.

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • NetworkSpoonNetworkSpoon -Comptia A+ -Comptia Security+ -MTA:Network Fundamentals -Watchguard Certified Engineer Member Posts: 8 ■■■□□□□□□□
    I agree with the Sighs, can't wait for someone to Tech-Shame me for using the wrong term....
  • p-coderp-coder Member Posts: 15 ■■■□□□□□□□
    edited November 5
    tedjames said:
    Hey, I'm proud to be a cracker!

    This term is not used as much anymore, but it still has a derogatory meaning. Wikipedia says, "Cracker, sometimes white cracker or cracka, is an ethnic slur directed towards white people, used especially against poor rural whites in the Southern United States." I guess the modern equivalent would be something like "white trash."  See Wikipedia: https://en.wikipedia.org/wiki/Cracker_(term)

    tedjames said:
    For a while there on InfoSec Twitter, especially after certain "police-related" events, several people were discussing the need to rename some of the above words in an attempt to be more politically correct.

    I do not think that the issue is really about being politically correct. Because the original terms do not offend people in the position of w**** p********, it is more relevant to talk to friends and family members who have experienced a lot of racism in their lives and see how they feel about terms in technology like "master" and "slave".


  • thomas_thomas_ CompTIA N+/S+/L+ CCNA R&S CCNP R&S/Enterprise/Collab Member Posts: 959 ■■■■■■■□□□
    No, the issue isn’t about being politically correct. It’s about playing identity politics. It’s about forcing ideology down someone’s throat and then “cancelling” anyone who dares to vocalize that some of the things they are suggesting are ridiculous.

    Unfortunately, the words “racism” and “racist” have been abused and misused so much they’re starting to lose their meaning. People weaponizing the word racist and using it to label someone who simply has different political opinions than themselves really devalues the word and makes it hard for people to take claims of racism seriously.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,944 Admin
    Many organizations have decided to make socially-sensitive changes, both internally and externally, to avoid unjustified negative public relations reactions (e.g., "cancellation"). These changes usually do not produce specific, measurable results, but are simply meant to superficially appease a very narrow segment of the consumer market.

    @thomas_ , you should make it explicitly clear that you do not believe that CompTIA is playing identity politics, and is likely attempting to avoid the negative targeting of its customers, potential customers, advertisers, and stakeholders from the intolerant actions of the "woke culture." 