

Launching today
Finally! The wait is over! Cybersecurity Hyperglossary starts shipping today. I’ve been looking forward to this day since resolving to publish the book at the end of 2024. I didn’t fully appreciate just how much work remained to be done, and owe my sincere thanks to the publisher and editorial team. Turning my 800-page 285,000-word monster of a Word table with 5,555 rows, 40,000 internal cross-references and hundreds of Internet hyperlinks into a publishable book took an im
Feb 17 · 2 min read


Unboxing day
What a nice surprise in the post today, a parcel all the way from CRC Press in Abingdon, Oxfordshire. So exciting! Taylor & Francis came through with 836 crisply-printed pages in a clear font on good quality bright white paper, neatly laid out, smart-as. The international team of editors, typesetters and printers exhibited a remarkable dedication to quality and integrity over the ten long months it took to get to this point. Good job, well done all. Thank you! Today is the f
Feb 11 · 1 min read


Connecting the boardroom with the server room
In most organizations, there’s a massive language divide. While the technology team wades through the weeds of protocols, patches and pings, executives fly way overhead, debating margins, liabilities, investments and strategic goals. A serious cybersecurity incident puts these groups on a crash course. When the pressure piles up, the language gulf between tech and business people can cause frustrations to boil over. As communication volume goes through the roof but comprehen
Feb 9 · 2 min read


Painting the Forth bridge
Keeping up with change is all part of the 'fun' of composing a glossary in any field that is actively progressing, such as cybersecurity for instance. 'Cybersecurity' is a classic example - now a commonplace term ... that all but defies formal definition. The approach I've adopted with the Cybersecurity Hyperglossary is to locate, quote and cite 'official' definitions from standards and other definitive sources where available. Published glossaries are useful, and fortunately
Feb 2 · 2 min read


In the heat of the night
During a serious cybersecurity incident such as a ransomware attack, the boardroom becomes a pressure cooker. Execs need to know, urgently, liabilities and timelines from the CISO who is presently roasting over hot coals. Meanwhile .... The IT, incident response and cybersecurity teams are up to their [eye]balls in escalation procedures, web services, backups and forensics. The lawyers in Legal are figuring out precisely how much to disclose to the authorities and stock mark
Jan 30 · 2 min read


What are 'qualifications' and 'certificates'?
What do those words mean to you? What do you understand by them? What do they indicate, imply or suggest? Conversely, what do they not mean? Ignore stock dictionary definitions for now: I'm genuinely interested in your personal interpretations and perspectives. This ramble was prompted by the rapid proliferation of cybersecurity qualifications and certificates with a bewildering range of abbreviations from a large range of organisations offering an enormous variety of trainin
Jan 24 · 2 min read


Roll the presses!
Exciting news: the Cybersecurity Hyperglossary is being printed by CRC Press. According to the Routledge page, it can be pre-ordered now and will ship after February 17th. Meanwhile, Amazon has already opened pre-sales ... with the same shipping date.
Jan 22 · 1 min read


Cyber context
Context is an issue that affects the entire Cybersecurity Hyperglossary. Although I am defining them one-by-one, cybersecurity-related words and phrases are used not individually, in isolation, but in conjunction with other words and phrases, sentences and paragraphs, slotting neatly together like Lego. Aside from the words, I'll just mention punctuation, 'body language' (non-verbal communications), figures-of-speech, subtleties, slang and culture without elaborating on the
Jan 11 · 3 min read


Acceptance vs retention of risk
Back in 2009, ISO Guide 73 defined 'risk treatment' as follows: Note that 'retaining the risk by informed decision' was noted as one of seven risk treatment options at that time. Guide 73 defined 'risk acceptance' and 'risk retention' separately. There are problems with both definitions, e.g. we literally just read that risk retention involves 'informed decision', so does that mean both risk acceptance and risk retention are based on 'informed decisions', in other word
Dec 20, 2025 · 3 min read


Cloudy vocab
Presently I'm adding a bunch of cloud security terms and definitions from ISO/IEC 22123-1:2023 "Information technology — Cloud computing — Part 1: Vocabulary" to my working copy of the Hyperglossary. Although the standard is available as a free download from ISO, I'm adding value (allegedly!) by picking out terms that are information risk and security-related, citing the standard's definitions and adding my own interpretations specific to the information risk and security c
Dec 13, 2025 · 3 min read


An educator's perspective
Helping students think means inspirational teaching, not rote learning. This morning I received the following comment from a colleague regarding the Hyperglossary's value as an educational resource: "I was an educator in a former life; I especially appreciate your efforts not only to explain theory, concepts, and protocol, but also to link them to related content to help further understanding (and in some cases, spark generative questions). As both a teacher and a student, I
Dec 9, 2025 · 2 min read


Publication delayed
Technical difficulties processing more than 40 thousand embedded hyperlinks in the eBook have unfortunately caused the publication timescale to slide a little: the Cybersecurity Hyperglossary will now start shipping on February 17th 2026. Publishers' pre-orders will officially commence on January 26th although Amazon is already offering pre-sales. We're truly sorry about the delay and grateful for your continued patience. Without those hyperlinks forming an extensive mesh o
Dec 7, 2025 · 1 min read


Werds
Particular words and phrases are shared by multiple cybersecurity-related terms, such as:
* control - preventive, detective or corrective control ... and there are others
* risk - input, processing and output risk ... and more besides
* test - system, application and integration test etc.
* aaS - SaaS, IaaS, PaaS, NaaS and so on
* *-in-the-* - MiTM, MiTE, MiTB, AiTM, or in the wild/loop/air ...
* *Tech - biotech, FinTech and other tech neologisms
* *ware - malware, ransomware, mi
Dec 4, 2025 · 1 min read


Inconsistent ISO definitions of 'risk treatment' - deep dive
Today while reviewing a Committee Draft update of ISO/IEC 27003:2017, I tripped over a terminological issue in the midst of a complex yet critical section of the standard concerning ISO/IEC 27001 clause 6.1 'Actions to address risks and opportunities'. Clause 6.1 is a major cause of confusion among organisations implementing 27001, among certification auditors assessing conformity with the standard and, it seems, among the committee responsible for these standards. In sh
Dec 3, 2025 · 5 min read


Loose lips sink … cybersecurity
Frustrating, isn’t it, when a meeting gets derailed because someone has a ‘curious’ interpretation of the spoken word? Or when a support request or incident report is so vague that you can’t actually pin it down? Everyday miscommunications mislead people, waste time and create unnecessary risk. For a field as critical as ours, ambiguity is a luxury we can no longer afford. I am delighted to announce the forthcoming release of the Cybersecurity Hyperglossary in just a mon
Nov 26, 2025 · 2 min read


On becoming a profession
Over the weekend, I've been quietly contemplating the meaning and implications of cybersecurity becoming a 'profession' rather than a hobby, specialism, tradecraft or whatever. What is 'a profession' anyway? What does it really mean to be 'professional'? We use the terms informally in reference to formality, competence, maturity and so on, but I wonder about the more formal linguistic interpretation ... so out comes my favourite Collins English dictionary, millennium/4th ed
Nov 24, 2025 · 2 min read


AI/LLM signatures
This morning I've been reading, thinking and writing about the things that reveal the true origins of a substantial proportion of the stuff posted on social media lately. It is clear to me that they are entirely or largely AI/LLM-generated, churned-out by the robots. Some pieces are frankly terrible, as if the posters have simply dashed off their prompts and regurgitated the robots' raw, crude output without a care for the readers. I've seen factual errors, manipulative ph
Nov 18, 2025 · 4 min read


Harvesting the croutons
Confused by ambiguous cybersecurity terms? Puzzled by differing interpretations of ‘risk’ or ‘threat’ that miss the mark? You are not alone! The foundation of any mature profession is a shared language. Lawyers don't incessantly debate the definition of a 'tort,' and medics aren't confused by 'contusions.' Cybersecurity deserves that same precision and accuracy. That’s why I’m delighted to announce the upcoming release of the Cybersecurity Hyperglossary. My new book is more
Nov 15, 2025 · 1 min read


Enhance Your Cybersecurity Vocabulary
In the world of cybersecurity, staying informed is essential to staying secure. As the cybersecurity landscape continues to evolve...
Apr 8, 2025 · 1 min read


Demystifying Cybersecurity Jargon
In the fast-paced and ever-evolving world of cybersecurity, the use of complex jargon can often feel overwhelming and daunting to...
Apr 8, 2025 · 2 min read

