
About cybersecurity

What is "cybersecurity"? Seriously, what is it, to you? What does the word mean? What does it imply? Think about that for a moment ...

OK, now go ahead and describe it. Say it out loud if you like, scribble some notes or sketch a mind-map.

Maybe you have in mind a definition that you've read somewhere, one that resonates with you and makes sense in your context. Perhaps you know about its linguistic origins in ancient Greek, two or three millennia ago. However, language evolves. The ancient Greeks didn't have computer systems! There weren't hackers back then, and viruses were yet to be discovered, so patently there was no antivirus. Mind you, there were networks - social networks - and attacks, for sure. Plus the odd Trojan.

Chances are, your particular description of "cybersecurity" is unique. The precise form of words that makes most sense to you probably differs from anyone else's. In other words, the definition is subjective.


I've been asking colleagues to explain what they meant by "cybersecurity" for more than a decade, since the term started appearing, first in social media, then spreading to articles, standards and legislation. Most simply ignored my request, presumably believing that I was being facetious or dumb ... but in fact it was and remains a genuine question.

According to various experts, the following topics and concepts potentially fall within the cybersecurity domain:

  • Access control
  • Artificial Intelligence
  • Backups, archives
  • Biometrics
  • Business and commercial management
  • Business continuity, resilience, recovery and contingency
  • Cloud computing, virtualisation
  • Compliance, conformity
  • Confidentiality, integrity and availability of information
  • Controls, countermeasures
  • Corporate and executive security
  • Cryptography
  • Cybersecurity!
  • Computer & technology security, IT, ICT, OT etc.
  • Datacentre design, operation, facilities and security
  • Finance and accounting
  • Forensics, digital forensics, investigations, cases
  • Fraud and deception, fakery, scams
  • Hacking, penetration testing, corporate surveillance, offensive security, red teaming
  • Health and safety, competence, mental health
  • Identification and authentication
  • Incident management, response, crisis management, emergencies, triage, learning, improvement
  • Information risk and security management, tools and techniques
  • Intellectual property, copyright, patents, trademarks and protective technologies
  • Intelligence, spies and spooks, competitive/market intelligence
  • IoT/Internet of Things - devices, services, networking, design, development, marketing
  • Knowledge management and exploitation
  • Law and regulation, supervision, oversight
  • Malware including ransomware and antivirus
  • Management, supervision, oversight and governance
  • Marketing e.g. use and security of contact databases
  • Methods, models, frameworks, approaches
  • Misinformation, disinformation, propaganda and other forms of social engineering e.g. teaching, marketing & advertising, politics, lobbying
  • Network security and data communications
  • Operational Technology, industrial control systems
  • Human Resources
  • Physical architecture and design, facilities management
  • Physical security
  • Policies and procedures – security, privacy, design, conformity/compliance, monitoring
  • Pressure groups, advocacy groups looking to understand and respond to IT security and privacy-related proposals, drafts for comment, policy statements etc.
  • Privacy and data protection including GDPR, HIPAA, privacy officers
  • Product design (goods and services, devices) – security and privacy aspects
  • Professional qualifications such as CISSP, CISM, CRISC, Security+, CISA, GIAC, CIA ...
  • Risk management: risk identification, assessment, analysis, quantification, evaluation, treatment
  • Security architecture and design
  • Security awareness, education and training of all sorts, academic and vocational
  • Security/Network Operations Centres, security monitoring and response, CERTs
  • Security products e.g. customer training for enterprise-scale antivirus services and firewall appliances, AI-enabled products
  • Social networking security, misinformation, disinformation, propaganda
  • Software/systems development e.g. waterfall, AGILE, RAD, APIs, microservices
  • Strategies, tactics, plans, dynamics
  • Supplier and customer relations
  • Supply chain security, Third Party Risk Management, supplier assessments, certification and accreditation, checklists, audits, collaboration, liaisons, disputes, incidents
  • ... other ...

Formal definitions of "cybersecurity" in standards, laws, glossaries, surveys and methods may be broadly aligned (I've found at least a dozen so far, most of which are poorly worded and none of which is truly definitive), but is that good enough? I fear not.

In short, discrepancies and uncertainties in the language are holding us back, unnecessarily. There are information risks here, risks I have identified, analysed and evaluated. The Cybersecurity Hyperglossary is my way of mitigating them.
