ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > Demystifying Cybersecurity Terminology

Demystifying Cybersecurity Terminology

Raef Meeuwisse, CISM, CISA, ISACA expert speaker, and author of “Cybersecurity for Beginners”
| Posted at 3:12 PM by ISACA News | Category: Security | Permalink | Email this Post | Comments (0)

Raef MeeuwisseDo you struggle to keep up to date on the latest cybersecurity terminology?

Fear not, you are not alone.

Behavioral microtargeting, cryptojacking, fileless malware, malvertising, cloudlets, unified endpoint management and sextortion are just some of the terms cropping up with increased regularity over the past two years.

“Hey Raef, BA was just subject to a digital skimming cyberattack. Can you write a piece on that?”

I could have taken a reasonable guess at what that term means, but guesswork combined with writing for magazines is a fast way to lose credibility. Added to that, I have been maintaining a publication called The Cybersecurity to English Dictionary for a few years now. That has meant that my spidey senses tingle each time someone drops in a new term.

  • Is it something I will need to add to a future edition?
  • Was it just a term made up by an eager marketing department?
  • Does it reflect an emerging cybercrime trend or defensive technology?

A few years ago, maintaining the dictionary was a joyful skip in the park. Rarely did a new term worth defining emerge – and most of the expansion between editions was down to just extending the existing vocabulary it covered. Now, there are new terms thrown around on at least a weekly basis.

The problem is threefold:

  • Cyber criminals are rapidly developing new threat tactics in an attempt to send their industry over the trillion-dollar threshold.
  • New vulnerabilities and exploits are requiring new defensive technologies and processes. As an example – consider how Spectre and Meltdown drew many of us into looking more deeply at potential processor security gaps.
  • The budgets being assigned to cybersecurity are attracting a lot of marketing spend. Is that new term just marketing spin or does it have real value?

Together, this trinity of issues has meant that staying apprised of the language of cybersecurity has not only become tougher – but is continuing to get harder because the evolution seems to be accelerating.

How do you keep up to date?

For me, one of the best sources of real information comes from attending ISACA conferences. It is a good way to find other professionals in similar roles and compare notes on the reality of each of our environments. Those presentations also are a great way to pick up on exactly what real-world security functions are doing.

Spending a few thousand corporate dollars on attending a conference can often yield substantial returns on investment for your organization. It is a place where you can get insights into the best practices that are really working – unlike sales presentations where information is often mixed with a substantial degree of marketing spin.

Security conferences, real world consulting and news stories are my own primary sources for understanding the evolving language of cybersecurity.

Despite that, there is still a challenge. Although the principles behind cybersecurity have largely remained the same, the methods for achieving effective security are changing fast.

How fast?

Perhaps one indicator is that in the most recent update to my dictionary, I found that I had more than 100 new terms – roughly a 30% increase over the previous edition.

For example, where we once talked about anti-malware and anti-virus, discussions have now moved on to unified endpoint management.

Cybersecurity can be like learning a new language, and it is not just the information security professionals who find keeping up to date with the topic a challenge. Now that data breaches are a frequent topic for the C-suite, executives have a regular need to understand complex cybersecurity topics in plain and simple language.

The good news is that there are some great FREE resources out there to help decipher the terminology. One of those is the ISACA glossary; another is the somewhat shorter UK NCSC (National Cyber Security Centre) glossary.

In the meantime, for me, it’s time to start collating and demystifying the new terms for the 5th edition of my dictionary – and with the speed of evolution in the cybersecurity market, that might be something I have to do sooner than I would like.

Editor’s note: The Cybersecurity to English Dictionary, 4th Edition is available beginning 24 September 2018.


There are no comments yet for this post.
You must be logged in and a member to post a comment to this blog.