(ISC)² Supports NIST Encouragement of Inclusive Cybersecurity Terminology
Commonly used cybersecurity terms such as “blacklisting” and “whitelisting” may be discontinued if efforts by the National Institute of Standards and Technology (NIST) are successful. The agency wants to eliminate terms with problematic connotations from speech and written documents and replace them with neutral, more precise wording.
“Using inclusive language can help people from diverse backgrounds feel more welcome and encourages precise, high quality work,” the agency explains in a recently issued guidance document on the matter, NISTIR 8366. The purpose of the effort is threefold:
- Develop documentary standards
- Use inclusive language in verbal communication during meetings and negotiations
- Create documentation on “realization and dissemination of physical standards”
The use of bias-free language, NIST says, allows everyone to feel included in discussions, “avoids false assumptions and permits more precise wording.” It also conveys respect to readers and listeners while “avoiding unpleasant emotions or connotations brought on by more divisive language.”
In the guidance document, NIST included a table with examples of terms that it wants to replace. For instance, instead of using “blacklisting” or “whitelisting,” the agency suggests using “denylist” or “allowlist.” Rather than using “master” and “slave” in reference to computing nodes, NIST prefers “primary” and “secondary.” “Male” and “female” connectors should be replaced with “plug” and “socket.”
Other examples include avoiding expressions such as “manmade” and “handicap,” all of which can be substituted with more precise terms without offensive connotations.
(ISC)² Supports NIST
(ISC)² endorses NIST’s inclusive language initiative, which aligns with our own efforts in promoting inclusivity and supporting bias-free language.
The (ISC)² Exams team is reviewing and revising guidelines and item development practices for future exam writing workshops to adopt more inclusive language in support of this NIST guidance. Meanwhile, the Education team will adopt more inclusive language standards for future courseware and study materials.
(ISC)² Global Diversity, Equity and Inclusion Initiative
(ISC)² has entered a new phase in our Global Diversity, Equity and Inclusion (DEI) initiative by launching a multimedia resource center with a wide range of documents and materials that organizations can use to build their own DEI initiatives or learn about the topic.
Resources in the repository include a glossary of “80 Diversity & Inclusion Definitions You Should Know,” a guide to “How to Develop a Strategic Diversity, Equity & Inclusion Plan,” a toolkit for defining the DEI business case, referrals to scholarship opportunities that promote diversity in the cybersecurity field, a webinar replay from International Women’s Day, a blog with tips for women looking to build a career in cybersecurity, a webinar on alliances and “finding your tribe,” and links to relevant videos and podcasts for professionals and organizations to learn from, among other helpful tools.
The goals of the DEI initiative are to champion the moral imperatives of inclusion and equity in organizations and to foster cyber safety by expanding the recruitable cybersecurity workforce. “Everyone wins when we expand the tent, welcome more talent in and afford all staff the same opportunities for career advancement,” said (ISC)² CEO Clar Rosso.
Are you or your organization putting programs in place to foster more inclusive language in cybersecurity dialogue? We want to hear your ideas. Drop us a note at dei@isc2.org.