

Acceptance vs retention of risk
Back in 2009, ISO Guide 73 defined 'risk treatment' as follows: Note that 'retaining the risk by informed decision' was noted as one of seven risk treatment options at that time. Guide 73 defined 'risk acceptance' and 'risk retention' separately. There are problems with both definitions e.g. We literally just read that risk retention involves 'informed decision', so does that mean both risk acceptance and risk retention are based on 'informed decisions', in other word
Dec 20, 2025 - 3 min read


Cloudy vocab
Presently I'm adding a bunch of cloud security terms and definitions from ISO/IEC 22123-1:2023 "Information technology — Cloud computing — Part 1: Vocabulary" to my working copy of the Hyperglossary. Although the standard is available as a free download from ISO, I'm adding value (allegedly!) by picking out terms that are information risk and security-related, citing the standard's definitions and adding my own interpretations specific to the information risk and security c
Dec 13, 2025 - 3 min read


An educator's perspective
Helping students think means inspirational teaching, not rote learning This morning I received the following comment from a colleague regarding the Hyperglossary's value as an educational resource: "I was an educator in a former life; I especially appreciate your efforts not only to explain theory, concepts, and protocol, but also to link them to related content to help further understanding (and in some cases, spark generative questions). As both a teacher and a student, I
Dec 9, 2025 - 2 min read


Publication delayed
Technical difficulties processing more than 40 thousand embedded hyperlinks in the eBook have unfortunately caused the publication timescale to slide a little: the Cybersecurity Hyperglossary will now start shipping on February 17th 2026. Pre-orders will commence on January 26th. We're truly sorry about the delay and grateful for your continued patience. Without those hyperlinks forming an extensive mesh of cross-references, publication might have been a little quicker but
Dec 7, 2025 - 1 min read


Werds
Particular words and phrases are shared by multiple cybersecurity-related terms, such as: * control - preventive, detective or corrective control ... and there are others * risk - input, processing and output risk ... and more besides * test - system, application and integration test etc. * aaS - SaaS, IaaS, PaaS, NaaS and so on *-in-the-* - MiTM, MiTE, MiTB, AiTM, or in the wild/loop/air ... *Tech - biotech, FinTech and other tech neologisms *ware - malware, ransomware, mi
Dec 4, 2025 - 1 min read


Inconsistent ISO definitions of 'risk treatment' - deep dive
Today while reviewing a Committee Draft update of ISO/IEC 27003:2017, I tripped over a terminological issue in the midst of a complex yet critical section of the standard concerning ISO/IEC 27001 clause 6.1 'Actions to address risks and opportunities'. Clause 6.1 is a major cause of confusion among organisations implementing 27001, among certification auditors assessing conformity with the standard and, it seems, among the committee responsible for these standards. In sh
Dec 3, 2025 - 5 min read


Loose lips sink … cybersecurity
Frustrating, isn’t it, when a meeting gets derailed because someone has a ‘curious’ interpretation of the spoken word? Or when a support request or incident report is so vague that you can’t actually pin it down? Everyday miscommunications mislead people, waste time and create unnecessary risk. For a field as critical as ours, ambiguity is a luxury we can no longer afford. I am delighted to announce the forthcoming release of the Cybersecurity Hyperglossary in just a mon
Nov 26, 2025 - 2 min read


On becoming a profession
Over the weekend, I've been quietly contemplating the meaning and implications of cybersecurity becoming a 'profession' rather than a hobby, specialism, tradecraft or whatever. What is 'a profession' anyway? What does it really mean to be 'professional'? We use the terms informally in reference to formality, competence, maturity and so on, but I wonder about the more formal linguistic interpretation ... so out comes my favourite Collins English dictionary, millennium/4th ed
Nov 24, 2025 - 2 min read


AI/LLM signatures
This morning I've been reading, thinking and writing about the things that reveal the true origins of a substantial proportion of the stuff posted on social media lately. It is clear to me that they are entirely or largely AI/LLM-generated, churned-out by the robots. Some pieces are frankly terrible, as if the posters have simply dashed off their prompts and regurgitated the robots' raw, crude output without a care for the readers. I've seen factual errors, manipulative ph
Nov 18, 2025 - 4 min read


Harvesting the croutons
Confused by ambiguous cybersecurity terms? Puzzled by differing interpretations of ‘risk’ or ‘threat’ that miss the mark? You are not alone! The foundation of any mature profession is a shared language. Lawyers don't incessantly debate the definition of a 'tort,' and medics aren't confused by 'contusions.' Cybersecurity deserves that same precision and accuracy. That’s why I’m delighted to announce the upcoming release of the Cybersecurity Hyperglossary. My new book is more
Nov 15, 2025 - 1 min read


Enhance Your Cybersecurity Vocabulary
In the world of cybersecurity, staying informed is essential to staying secure. As the cybersecurity landscape continues to evolve...
Apr 8, 2025 - 1 min read


Demystifying Cybersecurity Jargon
In the fast-paced and ever-evolving world of cybersecurity, the use of complex jargon can often feel overwhelming and daunting to...
Apr 8, 2025 - 2 min read


Ultimate Guide to Cybersecurity Terminology
In the ever-evolving landscape of cybersecurity, staying up-to-date with the latest terminology and jargon is crucial for professionals in the field. Whether you are an information risk management expert or a cybersecurity enthusiast, having a solid grasp of cybersecurity terminology is essential for understanding the complexities here. The Cybersecurity Hyperglossary is a valuable means of demystifying the language of cybersecurity. It provides simple, clear definitions of
Apr 8, 2025 - 1 min read
