Painting the Forth bridge


Gary Hinson

Jun 27, 2025, 5:15:08 PM
to hyperg...@googlegroups.com
Yesterday I added an entry to my working copy of the hyperglossary:

image.png

I have not found any 'official' definitions of data sovereignty, yet, so that's my own understanding of the term, for now anyway: things may change if I trip over a definition for or relating to data sovereignty in, say, a NIST SP-800 standard or a cybersecurity-related law.

The definition is, as I said, my understanding, my attempt to express or explain the meaning straightforwardly.  That too may change if I reconsider my choice of words and think of other aspects to it, or if someone puts me straight or suggests an 'alternate reality'.   

There are already 8 hyperlinked terms in that definition leading to the corresponding 8 hyperglossary entries elsewhere ... and looking again at it just now, I wonder if there ought to be more e.g. should there also be hyperlinked entries for "jurisdiction", "law" and "regulation"?  Are those key words worth defining too?  Are they even in-scope for 'cybersecurity'?

As far as I can tell, data sovereignty generally comes up as a privacy concern with cloud computing ... so should the definition mention and link to cloud computing too? 

Lastly, the grey up-ended dumbbell symbol is Word's way of showing that I have added an anchor there, allowing me to hyperlink to this entry from elsewhere in the hyperglossary - which reminds me, I ought to search the text for "data sovereignty" or similar/equivalent terms in other definitions, hyperlinking them to this one.

So, adding this simple entry took me maybe half an hour's work.  With about 5,000 entries in the hyperglossary, I guess I must have invested at least 2,500 hours to date.   I haven't recorded my time but since I have been working sporadically on this project over about 2 or 3 decades, including about 4 months full-time this year just to get it ready for publication, the real total is much higher.  During that time, the language has evolved*.  Some terms are harder to explain or have multiple meanings, and many entries quote and cite 'official' definitions ... which involves studying the glossaries and explanations that turn up here and there, hunting for insight, and so on.  It's a good thing I enjoy this stuff!

The book publication process inevitably takes months which means the manuscript I submitted in May will not appear in print before the end of this year.  Meanwhile, the world turns: I've been adding entries and revising the content since May, and will continue doing so indefinitely.  I am wondering, now, whether to report significant changes on the Hyperglossary website, such as new entries and important corrections or clarifications.  Doing so will take me even more time, however, and I'm not sure if it's worth the effort.  My prime focus at the moment is getting the book to market, warts and all, and seeing it flourish!

Kind regards/Ngā mihi,

* Way back when I was working in genetics, "biotech" emerged as a useful way to refer to those new-fangled technological advances in biology.  These days, pretty much any industry sports its own tech neologisms.  Should "sectech" and "risktech" feature in the hyperglossary?   Have I read those terms, somewhere, or is my brain hallucinating, AI-style?

________________________________________

Gary Hinson CEO of IsecT Ltd

Information risk and security consulting

ISO27k  Audit  ISMS templates and policies
Author of Pragmatic Security Metrics (with Krag Brotby)
and the Cybersecurity Hyperglossary (forthcoming!).

________________________________________

Rob Slade, greatgrandpa and widower

Jun 27, 2025, 9:40:21 PM
to hyperg...@googlegroups.com
On Fri, Jun 27, 2025 at 2:15 PM Gary Hinson <ga...@isect.com> wrote:

I have not found any 'official' definitions of data sovereignty, yet, so that's my own understanding of the term, for now anyway: things may change if I trip over a definition for or relating to data sovereignty in, say, a NIST SP-800 standard or a cybersecurity-related law.

Hey, when I published the dictionary, I couldn't find *any* previous reference to "clearance" ...

(And, believe me, I looked ...) 

--
Psalm 142:4, Ezekiel 24:16,18; Matthew 13:12; Isaiah 57:1; Genesis 2:18; 2 Corinthians 2:7,8; John 13:35; Proverbs 25:20; James 2:15,16; Proverbs 24:11-12, Jeremiah 45:3, Deuteronomy 28: 65-67, Isaiah 38:15, Psalm 69:20, Revelation 9:6, Number 11:15
Uuk klah ma, Rob.  U huk witas hluucsma, Gloria  Wikaah chachimhiy.

======================

Gary Hinson

Jun 27, 2025, 11:24:05 PM
to hyperg...@googlegroups.com
You'll be sorely disappointed with the hyperglossary then, Rob.  I have entries for clear/wipe and clearing (in the sense of sanitising) and cleartext, but not clearance (as in audit report clearance?  Or permission to take-off or go ahead?  Or deforestation?). 

Kind regards/Ngā mihi,

________________________________________

Pragmatic Security Metrics (with Krag Brotby)

Cybersecurity Hyperglossary (forthcoming!)

________________________________________



--
You received this message because you are subscribed to the Google Groups "Cybersecurity hyperglossary" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hyperglossar...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/hyperglossary/CAOX%2BAR6h%3DHmoCpxJtmOt8QD8XDXGh5ZjhfYJmaNxndPW87AigQ%40mail.gmail.com.

Rob Slade, greatgrandpa and widower

Jun 28, 2025, 12:07:07 AM
to hyperg...@googlegroups.com
On Fri, Jun 27, 2025 at 8:24 PM Gary Hinson <ga...@isect.com> wrote:
You'll be sorely disappointed with the hyperglossary then, Rob.  I have entries for clear/wipe and clearing (in the sense of sanitising) and cleartext, but not clearance (as in audit report clearance?  Or permission to take-off or go ahead?  Or deforestation?). 

In the sense of matching classification/sensitivity against clearance/privilege/permissions in terms of access control, particularly mandatory access control.  I was astounded that none of the glossaries had an entry for it. 

Krag Brotby

Jun 28, 2025, 3:12:52 AM
to hyperg...@googlegroups.com
I wouldn't get too caught up in how many angels can dance on the head of a pin - the endless circularity and regression of definitions
will make you old quick. Note new stuff and add to first revision is my suggestion - focus on getting this beast airborne.
cheers


Gary Hinson

Jun 29, 2025, 1:12:01 AM
to hyperg...@googlegroups.com
Yup, fair enough.  I had to make a choice: keep digging or make a bid for freedom, escaping this rabbit warren while I could still just about make out the daylight! 

I would like to share additions, corrections and alternative definitions to the website, supplementing the first edition and lining things up for the second ... that is, provided there is a second.  First I feel the need to prove/demonstrate the value of the hyperglossary approach, and we - collectively - need to prompt alignment and coordination around the language of cybersecurity And All That, or at least pump-prime the wider debate and see how it goes.   

As to getting old quick, love that line from Pink Floyd: "And then one day you find ten years have got behind you.  No one told you when to run, you missed the starting gun."

Kind regards/Ngā mihi,

________________________________________

Gary Hinson CEO of IsecT Ltd

Information risk and security consulting

ISO27k  Audit  ISMS templates and policies
Pragmatic Security Metrics (with Krag Brotby)
Cybersecurity Hyperglossary (forthcoming!)

________________________________________


Rob Slade, greatgrandpa and widower

Jun 30, 2025, 12:53:31 PM
to hyperg...@googlegroups.com

On Sat, 28 Jun 2025 at 19:12, Krag Brotby <in...@valleyvistavillage.com> wrote:
I wouldn't get too caught up in how many angels can dance on the head of a pin - the endless circularity and regression of definitions
will make you old quick. Note new stuff and add to first revision is my suggestion

In facilitating CISSP review seminars, through the decades that I have done so, one interesting observation has stood out.  The common body of knowledge of the CISSP doesn't change all that much, or all that fast.  Yes, new technologies do come along, and security, in all its details, probably changes faster than any other field of technology, since any change in any field of technology has some implications for security.  But the most important aspects of security are the principles, the concepts, the foundations and fundamentals.  New technologies come and go, but the principles on which security is based change very little over time.

Therefore, while many would think that a glossary of information security should be composed primarily of new terms for new technologies, that is, possibly surprisingly, not really the case.  The important factors are the fundamental concepts, and therefore the most important terms to know, and have properly defined, are those for the foundational ideas.  The new technologies come and go, and the new terms come and go, and those new terms must be properly defined, if only to note that those ideas are sometimes ill-defined, since they are only marketing phrases anyways.

An awful lot of the new terminology in information technology is actually not new.  Many of the new terms and phrases that come along are simply new terms for existing concepts which have existing terminology.  For example there is the term "cloud."  Cloud is possibly somewhat dated by this time, but even when it was first being promulgated, it described an existing concept.  "Cloud" simply means "somebody else's computer."  This idea had been discussed and developed over time, under jargon such as "thin client," "client-server," and so forth right back to "timesharing."  The only thing that cloud added to the discussion was the acronym "Could Lose Our Under Drawers," which pointed out that "cloud," while most people saw it as a good thing in security, actually opened up another level of hiding security vulnerabilities from us.

Yes, there are often new technologies, which call for new terminologies, such as quantum computing.  Often these radically new technologies are so *radically* new that we do not understand all the implications, and definitely not the security implications, until we study and work with them more fully.  Recently one of the big new ideas in information technology is simply being referred to as artificial intelligence, or even just AI.  In a sense this is a reverse of what I have just stated, in that we have been studying artificial intelligence, probably for more than seven decades now, with the added complication and difficulty that we are taking totally new approaches to the field, and are, under the same term of artificial intelligence, producing an amalgamation of a variety of different approaches, all of which have radically different security implications.

Defining the terminology and jargon of our field is a worthy and worthwhile endeavor.  It's just not that easy, and trying to state that it is easy is definitely a way to do a disservice to our profession. 