Welcome to the Hyperglossary group

Gary Hinson

Jun 22, 2025, 1:12:40 AM
to Cybersecurity hyperglossary
Welcome friends! 

This group allows us to:
  • Develop a common understanding of key terms of art;
  • Discuss cybersecurity terms and concepts;
  • Debate the meanings and definitions;
  • Understand our different perspectives and concerns;
  • Suggest new, improved or alternative definitions;
  • Advance both the language and the field;
  • Keep in touch with developments and progress on the book;
  • Review and comment on the book (once published!).
Along the way, I will be sharing samplers from the Hyperglossary and raising terminological or linguistic issues that arose when writing it.

Thank you in advance for your participation.

Kind regards,
Gary  

rsl...@gmail.com

Jun 22, 2025, 1:12:06 PM
to Cybersecurity hyperglossary
This is great.

This is *necessary*.

Particularly:

  • Develop a common understanding of key terms of art;
and 
  • Understand our different perspectives and concerns;
I'm particularly concerned about situations where we define the same terms in different ways.  We are particularly guilty of doing that, in infosec.  We use common English words in specialized ways.  I suppose all specialists do (well, just think of lawyers), but we have rushed into this field over the past six decades and made up terms willy-nilly.

One pair of terms that has driven me nuts is certification and accreditation.  Generally, in infosec, certification is the testing and assessment of a system, to make sure that it fulfills requirements.  That's our job, as the infosec professionals.  Then senior management comes in, looks at our certification work, and decides whether or not to accept the system, within the enterprise.  That's accreditation.  That's not often formally followed.  Often, companies simply buy something and start using it (and then get into trouble).  But that's been the accepted terminology for some time.

And then BCI comes along and defines it completely opposite: accreditation is the testing, and certification is management's decision!

Argh!