You, the reader
These are the readers I had in mind while writing the Cybersecurity Hyperglossary: are you on the list?
- Academics, researchers, undergraduate, MSc and PhD students: in cybersecurity or related fields of study such as machine learning, cryptography, AI.
- Auditors and testers including certification/conformity auditors, internal auditors, computer/IT auditors, security and privacy auditors, safety auditors, financial auditors, supplier auditors, product security/safety testers, penetration testers, post-incident reviewers, insurance assessors and claims adjusters.
- Authorities: industry regulators providing guidance, direction, monitoring, assessment, constraints and warnings to regulated industries (e.g. anti money laundering and tax law for financial services; ethics, oversight and assurance for government and military sectors; financial integrity for accountants, auditors, executive managers and directors producing annual reports).
- Authors of technical documentation, support guides, science and non-science fiction, encyclopaedias, product manuals, technical manuals, course manuals, user guides, instruction leaflets, articles, websites/pages, films, documentaries, series, exposés etc.
- Business people in general: particularly those with cybersecurity responsibilities, at all levels of the hierarchy e.g. IT team leaders, product managers, financiers and accountants, C-suite and Board members.
- Buyers of cybersecurity products/services, confused by sales jargon, misled by unrealistic/false security claims by vendors, unsure how to elaborate on their needs and unclear about the possibilities.
- Cybersecurity, information security and related professionals and specialists: ranging from junior through mid-career to senior management levels e.g. Chief Information Security Officers and Chief Risk Officers, security analysts, engineers, architects, developers, testers; incident responders and crisis managers; privacy, health and safety and other compliance officers; auditors; researchers; trainers, teachers, lecturers, educators, bloggers; tech support, help desk workers and customer relations staff and managers; employees, contractors, consultants, advisors, temps, interns; mentors; vCISOs/fractional CISOs …
- Executives and Directors: C-suite CEOs, CIOs, CISOs, CROs, CSOs, CFOs ... plus the Board, with governance, oversight, strategy and compliance obligations in this area.
- General public: anyone with an interest in the field, perhaps confused by the terms seen in the traditional and social media, or disturbed at the prospect of phishing, ransomware and fraud; tech-savvy individuals interested in cybersecurity; home users concerned about online security, privacy etc.; applicants for security-related jobs or in security-relevant industries and companies; anyone supporting vulnerable relatives, friends or clients; users of the Web, spreadsheets, databases, apps, cellphones, tablets, wearables, Siri etc.
- Government workers: local and central government, policy makers and advisors working in the area of cybersecurity, critical infrastructure, IT, health, defence, finance, welfare, fraud, education, international relations, intelligence services, post/couriers etc.
- Healthcare professionals: doctors, nurses, dentists, administrators, specialists, consultants, surgeons, diagnosticians, medical equipment technicians, receptionists, telephonists, hospital managers … oh and patients!
- Human Resources professionals working with employment contracts, delivering employee training and awareness programs, recruitment, vacancy notices, job descriptions, interviews, disputes and disciplinary actions, welfare/health and safety.
- Influencers: bloggers, social media pundits, well-connected and acknowledged experts in the field; book reviewers.
- Journalists: researchers, writers, presenters, editors.
- Legal and compliance professionals: lawyers, solicitors, legislators, prosecutors, judges and ‘the courts’, police/law enforcement, prison workers, advocates and advisors.
- Managers at all levels e.g. product managers, business unit, site, departmental or team managers.
- Marketing, sales, support and procurement specialists with supply chain/network cybersecurity responsibilities and concerns.
- Standards and trade body members developing standards, methods, certifications, guidance etc. for fellow professionals.
- Privacy officers and other privacy professionals.
- Professional authors, marketers, bloggers and ghost-writers generating cyber security content for product promotion, advertising and packaging, web sites, glossy leaflets, press releases etc.
- Teachers/trainers, educators and students: the hyperglossary is a valuable resource for academic and commercial training courses and bootcamps.
- Technology professionals: security analysts, architects, testers etc.; system and network administrators; system and network engineers; database administrators; software and information service designers, developers, testers, help desk/support staff, documenters, evangelists; experts in OT/industrial systems, robotics, AI, IoT …
In addition to individuals, the book caters for corporates too:
- Businesses of all types and sizes seeking to:
  - improve communication and collaboration within IT and security teams, compliance, audit, safety etc.;
  - develop and adopt or enhance cybersecurity awareness and training programs;
  - ensure consistent terminology across departments, business units and teams, and in communications and negotiations with third parties such as suppliers, partners, customers, owners, insurers and the authorities;
  - comply with applicable laws and regulations (e.g. GDPR, HIPAA, SOC2, PCI, Official Secrets, tax, corporate governance, financial management and reporting …);
  - protect and exploit intellectual property;
  - assess and mitigate threats from competitors.
- Educational institutions: schools, universities, colleges, training academies and online learning platforms, libraries (public or private).
- Governments and agencies: law enforcement, intelligence, military and regulatory bodies, treasury/central banks, politicians and their advisors.
- Trade or professional membership bodies: OWASP, ISC2 etc. whether to provide an information service to members, to promote the hyperglossary to students of their certifications, or to use in drafting and maintaining course manuals, frameworks, methods and other guidance.
- Administrators, auditors/assessors, users and relying parties for cybersecurity frameworks, standards and certification schemes, plus other areas such as IT, health and safety, healthcare, wealthcare, defence, privacy, financial integrity …
- Vendors, particularly those selling security-related products or serving markets such as IT, finance, healthcare, government and defence for which information/cyber security and privacy are essential. For example, vendors of ISMS support systems/cloud services could use the hyperglossary to correct their system documentation, course materials etc. and might wish to license the hyperglossary content for inclusion in their products.
The hyperglossary is valuable for purposes such as:
- Artificial Intelligence: training LLMs, developing expert systems, checking and refining specialist language used in various AI systems e.g. automated customer service responders, AI-enabled security systems.
- Assurance: audits of all types, application testing, penetration tests, management reviews, desktop walkthroughs and exercises.
- Assurance: preparing for and undergoing security audits and certifications (e.g. ISO 27001, SOC 2); developing, promoting (i.e. achieving recognition and understanding through education, awareness and training activities), maintaining and ensuring compliance with internal security policies and procedures, contracts and agreements.
- Change management: identifying, explaining and addressing the risk and security implications of changes involving IT systems, services or products, business processes and relationships etc.
- Commercial: all aspects of business involving information; competitive intelligence; marketing, promotion, branding, advertisements; warranties, guaranties and claims.
- Compliance: specifying and satisfying legal, regulatory, contractual and ethical obligations, requirements and expectations; developing, promoting, maintaining, and complying with industry standards and regulations (e.g. ISO/IEC 27001, GDPR, HIPAA, PCI DSS, SOX); convincingly and professionally demonstrating compliance to auditors, regulators and other stakeholders (e.g. customers, owners, workers).
- Conducting security or privacy assessments, audits, tests and evaluations: specifying requirements and explaining findings, risks, controls, issues and exceptions competently and clearly in working papers, specifications, reports, executive summaries, product marketing copy.
- Cyber or information risk and security management: risk assessment/analysis, evaluation, treatment/control, monitoring and communication; identifying and exploring potential threats, vulnerabilities and impacts; clarifying security objectives/requirements; quantifying and prioritising risks and controls; discussing and agreeing management’s risk appetites and tolerance levels; developing and implementing risk mitigation strategies.
- Cyber threat modelling: identifying and analysing potential threats to IT systems, data, applications and networks, determining the likelihood and impact of incidents, designing and implementing security controls to mitigate unacceptable risks.
- Data Loss Prevention: preventing sensitive and valuable data from being disclosed, revealed or stolen; consistently identifying, classifying and protecting information in all forms; monitoring data flows, detecting and gathering evidence of suspicious activity and responding accordingly.
- Developing consistent, clear, understandable and motivational language making proper use of defined terms.
- Documentation: preparing, reviewing, promoting, maintaining and updating all types of documentation with cyber content or relevance e.g. cybersecurity policies, procedures, guidelines and advisories, strategies, plans, training materials, memos, reports, records, emails, testimony, contracts, proposals, research findings, official submissions, patent applications, secrets, even hyperglossaries.
- Ethics and morals: offensive and defensive tools and techniques, protecting the weak and vulnerable, supporting and protecting whistleblowers and vulnerability disclosers.
- Fraud and impropriety: fraud modelling, prevention, monitoring/surveillance, whistleblowing; misinformation, disinformation, propaganda and rhetoric; incident investigation and management; prosecution and defence.
- Governance: organisational design; roles, responsibilities and accountabilities; assurance, compliance monitoring and management; stakeholder reporting and metrics.
- Health and safety: competently achieving demonstrable compliance with occupational health and safety laws and regulations; implementing appropriate and effective health and safety controls and safeguards; conducting health and safety impact assessments; product and process safety; building and secure area safety; safety and security aspects of Industrial Control Systems, robotics and most modern machinery; critical infrastructure systems (power grids, water treatment, healthcare, finance …); medical devices, digital implants, diagnostic and test equipment; mental health, motivation and support for ‘knowledge workers’ and others under stress.
- Human resources: specifying and designing roles, drafting job descriptions and vacancy notices, screening and interviewing candidates, drafting contracts and agreements, preparing training plans etc.
- Incident response and crisis management: strategies, policies, plans, procedures, exercises, communicating effectively during information, IT or cyber incidents (including notification of stakeholders and press releases); conducting post-incident reviews and analysis; preparing for and responding to incidents - a common lexicon to ensure timely and effective communication and coordination among teams and individuals under stress, and sensible reporting; predicting and mitigating business impacts where possible.
- Investment proposals: preparation of professional and convincing business cases, budget requests, credit applications etc. relating to or involving information security, privacy etc.; review, evaluation, approval/disapproval and monitoring of same.
- Metrics: appreciating and phrasing business requirements for management information relating to cybersecurity, risk etc.; reviewing, selecting, using and maintaining suitable metrics; understanding the broader context, other options, value and drawbacks.
- Offboarding workers (leavers): explicitly and formally reminding them of their persistent security obligations and expectations, both legal and ethical, using precise formal language plus simpler (but relevant and accurate) descriptions.
- Onboarding new workers (joiners): quickly bringing new hires up to speed on cybersecurity terminology in connection with their obligations and expectations under policies, laws, regulations and contracts (including their employment or service contracts).
- Sideboarding workers: promotions, demotions, sideways moves and reorganisations.
- Physical security: managing physical building, site and infrastructure access control systems, surveillance, intrusion detection systems; building management and automation systems for HVAC, lighting, lifts etc.; power management, distribution and monitoring; backup supplies, generators; home, mobile and off-site security; bodyguards and executive protection.
- Privacy: competently achieving demonstrable compliance with privacy and data protection laws and regulations (e.g. GDPR, CCPA); implementing appropriate and effective privacy controls and safeguards; conducting privacy impact assessments; developing and maintaining clear and concise policies to protect personal information from unauthorized access, misuse/inappropriate exploitation, casual or intentional disclosure; duly notifying individuals about how their personal data is to be collected, used, protected, shared and disposed of, seeking their permission – wording of privacy notices and consent forms; breach/privacy incident, enquiry and complaint mechanisms and processes.
- Publishing: reviewing and proofreading security-related manuscripts, such as the hyperglossary itself!
- Risk management: addressing the cyber/IT and information aspects of risks in general.
- Security awareness and culture: a valuable resource/tool supporting employee training, workforce education, cultural development; maintaining currency, vigilance, security and situation awareness; identifying and responding to security threats such as phishing.
- Strategy: developing, reviewing and implementing realistic yet comprehensive strategies, plans and approaches in this area, using appropriate terms and concepts that demonstrate senior management’s understanding, competence, diligence and concern.
- Supply chain/product risk and security management: liaising between suppliers, partners and customers concerning information risk and security aspects of products (goods and services), processes, compliance obligations (laws, regulations and contracts), conformity expectations etc.; security aspects of ongoing commercial relationship management, including contracting, reporting, incident disclosure and change management.
- Threat management: identifying, assessing, avoiding and deterring information-related threats to IT systems, applications, networks, services, tools, products and business processes/activities.
- Vulnerability management: identifying, assessing, and mitigating vulnerabilities in IT systems, applications, networks, services, tools, products and business processes/activities.

