
Trigger words and hot potatoes


Are there cybersecurity-related terms that confuse you, or that other people often confuse?


Take 'accountability' and 'responsibility' for instance: it is rare to find clear, concise and accurate explanations of either, let alone both. In practice the wrong words are often used inadvertently by people - even professionals - who simply don't appreciate the distinction, or don't really care.


Formal definitions in standards such as ISO/IEC 27000 aren't necessarily The Ultimate Answer either. I recall the years of dispute within ISO/IEC JTC 1/SC 27 over the intended meaning of 'information asset', and 'risk' remains a hot potato.


To be fair, the concepts behind them are quite diffuse and complex, and English is not everyone's mother tongue. Casual use of technical language doesn't help, though ... nor sloppy genAI systems that invent fake words such as "exfiltromise"!


I know of several others but I'm keen to hear your thoughts. What 'trigger words' are in your sights? Which 'hot potatoes' would you rather we all stopped juggling?

 
 
 
