

Caging the beast
The past few days have seen a flurry of breathless articles in the cybersecurity press and blogosphere about Mythos, an exciting new AI model that can find and exploit software vulnerabilities, rapidly, efficiently, effectively, at scale. For the white-hats, it's a way to find and fix those vulnerabilities before they are exploited. For the black-hats, it's a way to find and exploit those vulnerabilities before they are fixed. Patently, this is 'dual-use technology' a.k.a. a
12 hours ago · 3 min read


Navigating the hyperglossary mesh
One way of studying a field as complex as cybersecurity is to focus in depth on a particular aspect, then move on to another. Keep going until you either run out of juice or end up pretty much back where you started, more clued-up and ready for another run through the maze. That's a fairly straightforward approach - not exactly a linear progression but a clear topic-wise sequence. Training courses typically start with the fundamentals, then move on to cover a series of more a
Apr 2 · 3 min read


Glossary integrity
'Integrity' can be a rich and fascinating property with numerous creative applications and implications in cybersecurity, information security, fraud prevention, safety, trust, commerce, interpersonal interactions and more. However, define 'integrity' too narrowly and the creative possibilities, as well as its value as a term of art, shrink dramatically. Take for example the glossary entry from the newly-updated Australian Government Information Security Manual: "Integrity:
Mar 23 · 2 min read


Book reviews flood-in
Both of them: two reviews so far, less than a month after the book was released. I invite and welcome but don't 'commission' book reviews. I am keen to receive 100% genuine comments and feedback about the Cybersecurity Hyperglossary from actual readers, no-holds-barred. If it shines, tell me. If it sucks, tell me. If something doesn't work for you, or doesn't suit your particular needs and preferences, let me know. Direct feedback plus reader reviews on sites such as Am
Mar 15 · 2 min read


Trigger words and hot potatoes
Targeting sloppy language Are there cybersecurity-related terms that confuse you, or that other people often confuse? Take 'accountability' and 'responsibility' for instance: it is rare to find clear, concise and accurate explanations of either, let alone both. In practice the wrong words are often used inadvertently by people - even professionals - who simply don't appreciate the distinction, or don't really care. Formal definitions in standards such as ISO/IEC 2700
Mar 13 · 1 min read


The value of notes
Valuable notes As I slogged my way through my digital master of the Cybersecurity Hyperglossary making assorted updates and corrections this morning, I noticed the frequency of 'value' and related word forms or terms (values, valued, valuable, invaluable, devalue, valuation, evaluate, evaluates, evaluated, evaluation ...). This is just one of many such examples. Scrabble players doubtless recognise the value of variants that extend a given string - 'UN-ZIP-PER-ING-S' being
Mar 8 · 2 min read


nb. Take note!
Chasing quantum-rabbits This morning, thanks to a note on LinkedIn by Walt Powell, I'm reading an intriguing semi-technical article about what appears to be a significant and potentially disruptive advance in quantum cryptanalysis. Since I'm not a pro cryptographer by trade and not exactly mathematically-gifted, I'm 'somewhat bewildered' by the article's terms and concepts. That prompts me to flip through the Cybersecurity Hyperglossary as I study the article and its sou
Mar 5 · 2 min read


Exploitation
I've been pondering the book's audience again lately, begging questions such as: Who benefits from the Cybersecurity Hyperglossary? What are their interests, jobs and concerns? How do they use it? What do they use it for? ... and ... What do they get out of it? I came up with the idea of preparing 'use cases', illustrative examples for various categories of reader. So far, I have identified and characterised 14 types of reader: Technology professionals IT administrators Rese
Mar 4 · 1 min read


Moving steadily along
Virtual advertising on the London Underground Just over a week post-launch, the book is doing OK, as far as I can tell at this point anyway. I've started tracking a few metrics but one of the most important (sales) inevitably lags by some months as invoices are paid, orders are fulfilled and accounts are updated. Meanwhile, I'm using indicators such as rankings, reader comments and reviews for rough clues as to how things are going. On Amazon, for instance, the book's initia
Mar 1 · 1 min read


Launching today
Finally! The wait is over! Cybersecurity Hyperglossary starts shipping today. I’ve been looking forward to this day since resolving to publish the book at the end of 2024. I didn’t fully appreciate just how much work remained to be done, and owe my sincere thanks to the publisher and editorial team. Turning my 800-page 285,000-word monster of a Word table with 5,555 rows, 40,000 internal cross-references and hundreds of Internet hyperlinks into a publishable book took an im
Feb 17 · 2 min read


Unboxing day
What a nice surprise in the post today, a parcel all the way from CRC Press in Abingdon, Oxfordshire. So exciting! Taylor & Francis came through with 836 crisply-printed pages in a clear font on good quality bright white paper, neatly laid out, smart-as. The international team of editors, typesetters and printers exhibited a remarkable dedication to quality and integrity over the ten long months it took to get to this point. Good job, well done all. Thank you! Today is the f
Feb 11 · 1 min read


Connecting the boardroom with the server room
In most organizations, there’s a massive language divide. While the technology team wades through the weeds of protocols, patches and pings, executives fly way overhead, debating margins, liabilities, investments and strategic goals. A serious cybersecurity incident puts these groups on a crash course. When the pressure piles up, the language gulf between tech and business people can cause frustrations to boil over. As communication volume goes through the roof but comprehen
Feb 9 · 2 min read


Painting the Forth bridge
Keeping up with change is all part of the 'fun' of composing a glossary in any field that is actively progressing, such as cybersecurity for instance. 'Cybersecurity' is a classic example - now a commonplace term ... that all but defies formal definition. The approach I've adopted with the Cybersecurity Hyperglossary is to locate, quote and cite 'official' definitions from standards and other definitive sources where available. Published glossaries are useful, and fortunately
Feb 2 · 2 min read


In the heat of the night
During a serious cybersecurity incident such as a ransomware attack, the boardroom becomes a pressure cooker. Execs need to know, urgently, liabilities and timelines from the CISO who is presently roasting over hot coals. Meanwhile .... The IT, incident response and cybersecurity teams are up to their [eye]balls in escalation procedures, web services, backups and forensics. The lawyers in Legal are figuring out precisely how much to disclose to the authorities and stock mark
Jan 30 · 2 min read


What are 'qualifications' and 'certificates'?
What do those words mean to you? What do you understand by them? What do they indicate, imply or suggest? Conversely, what do they not mean? Ignore stock dictionary definitions for now: I'm genuinely interested in your personal interpretations and perspectives. This ramble was prompted by the rapid proliferation of cybersecurity qualifications and certificates with a bewildering range of abbreviations from a large range of organisations offering an enormous variety of trainin
Jan 24 · 2 min read


Roll the presses!
Exciting news: the Cybersecurity Hyperglossary is being printed by CRC Press. According to the Routledge page, it can be pre-ordered now and will ship after February 17th. Meanwhile, Amazon has already opened pre-sales ... with the same shipping date.
Jan 22 · 1 min read


Cyber context
Context is an issue that affects the entire Cybersecurity Hyperglossary. Although I am defining them one-by-one, cybersecurity-related words and phrases are used not individually, in isolation, but in conjunction with other words and phrases, sentences and paragraphs, slotting neatly together like Lego. Aside from the words, I'll just mention punctuation, 'body language' (non-verbal communications), figures-of-speech, subtleties, slang and culture without elaborating on the
Jan 11 · 3 min read


Acceptance vs retention of risk
Back in 2009, ISO Guide 73 defined 'risk treatment' as follows: Note that 'retaining the risk by informed decision' was noted as one of seven risk treatment options at that time. Guide 73 defined 'risk acceptance' and 'risk retention' separately. There are problems with both definitions e.g. We literally just read that risk retention involves 'informed decision', so does that mean both risk acceptance and risk retention are based on 'informed decisions', in other word
Dec 20, 2025 · 3 min read


Cloudy vocab
Presently I'm adding a bunch of cloud security terms and definitions from ISO/IEC 22123-1:2023 "Information technology — Cloud computing — Part 1: Vocabulary" to my working copy of the Hyperglossary. Although the standard is available as a free download from ISO, I'm adding value (allegedly!) by picking out terms that are information risk and security-related, citing the standard's definitions and adding my own interpretations specific to the information risk and security c
Dec 13, 2025 · 3 min read


An educator's perspective
Helping students think means inspirational teaching, not rote learning This morning I received the following comment from a colleague regarding the Hyperglossary's value as an educational resource: "I was an educator in a former life; I especially appreciate your efforts not only to explain theory, concepts, and protocol, but also to link them to related content to help further understanding (and in some cases, spark generative questions). As both a teacher and a student, I
Dec 9, 2025 · 2 min read
Weblog

