Context is an issue that affects the entire Cybersecurity Hyperglossary. Although I am defining them one-by-one, cybersecurity-related words and phrases are used not individually, in isolation, but in conjunction with other words and phrases, sentences and paragraphs, slotting neatly together like Lego.

Aside from the words, I'll just mention punctuation, 'body language' (non-verbal communications), figures-of-speech, subtleties, slang and culture without elaborating on these or other relevant but tangential matters. Maybe later.

More generally, words are tools, a means of communicating about topics and considerations ranging from narrow and specific to broad, unbounded, even nebulous (cloudy!). The meanings or interpretations of words depends, in part, on how they are used, and how they contribute to, influence and maybe even detract from, ongoing conversations and concerns.

Even fine details such as precisely who is communicating, how, when and under what circumstances, affect the meaning of words.

On top of that, the intended meaning expressed by someone in words is not necessarily how others actually interpret and understand those same words. While I am trying to describe and explain an issue right here in the blog, one that I have pretty firmly in mind, you probably have 'a different take on it' - and that's fine. It's just a blog after all. I hope it is intriguing, stimulating and inspiring as much as imparting information or insight. In a sense, you and I are collaborating voluntarily on a shared creative endeavour. As I write these words, I am imagining you poring and puzzling over them ... and wondering if I will ever get to the point.

So, the point: particular words carry additional significance when used in formal contexts such as standards, policies, procedures, reports, strategies and plans. In a scientific paper, for instance, or a security metric, "significance" has a more specific meaning than it does in general conversation. "Formal" and "context" are also context-dependent, and "dependence" is yet another word with ambiguity overlaying the precise definition at its core.

It would be extremely difficult, if not literally impossible, to define every conceivable interpretation of a word in all contexts ... but the primary context for the hyperglossary is cybersecurity, substantially (or is that 'significantly'?) narrowing the problem space.

Many of the terms in the hyperglossary are formally defined in laws, standards and methods which I have quoted and cited. Within those contexts, defined terms are meant to convey particular meanings leaving precious little room for interpretation. Likewise words are usually meant to be interpreted specifically within contracts, agreements, regulations, policies and other formal contexts. For the hyperglossary, however, I have also provided generalised definitions in plain English, plus in some cases alternative meanings and distinctions (e.g. the noun and verb forms of "object" are quite different).

Hyperlinking words to their definitions - an approach that I have used extensively in the hyperglossary - is beneficial on the whole but sometimes problematic because of the context. For this reason, I chose not to hyperlink from words in quoted definitions to their respective entries in the hyperglossary. The particular way that ISO/IEC 27001 uses "information security policy", for instance, is closer to my understanding of a strategy than a policy, so linking to my definition of policy would, I feel, be misleading. Likewise with terms that are expressly linked to further definitions in the original standards, laws etc.: they are meant to be interpreted according to their formal definitions, not mine.

To close, information security is a key objective as well as a topic of the Cybersecurity Hyperglossary, a control mitigating information risks arising from our use of language. 'Mitigate', notice, not eliminate. Occasionally, the residual ambiguity is valuable, allowing some discretion and contextualisation. Hmmmm. Think on.