Welcome to The Lexicon Project

Feb 26, 2018

By John McCumber, Director of Cybersecurity Advocacy, (ISC)² North America Region

I am thoroughly stoked to announce The Lexicon Project has finally come to fruition. The first thousand copies are being printed as I type this. It has taken several months, and the support of our full team here at (ISC)², but it has happened. I also want to acknowledge the critical advice from our North American Advisory Council (NAAC) for their input to the lexicon. But why would we take this on as one of the first projects for the new Cybersecurity Advocate’s role?

The third week of my tenure as your humble Advocate was spent walking the halls of Capitol Hill and meeting with legislators, committee members, and the Cyber Caucus. I had prepared by reading pending legislation, articles and proposals for new federal cybersecurity programs. All of it was truly eye-opening. Almost everything I read contained a plethora of misapplied terms and the random use of key words like risk, threat, and vulnerability. Even worse, many contained the words “hack” or “hacker” – a burgeoning bit of slang that can mean anything, so ultimately, means nothing.

As I listened to the policy makers, I became increasingly aware that all their good intentions were devolving into a word salad devoid of meaning. What was needed was a common language for people to accurately define proposed policies, legislation, and programs. In fact, some of these key concepts even maintain a mathematical relationship when you define the risk management process. Hence, The Lexicon Project was born to fill an important niche: a condensed reference booklet of the language of cybersecurity.

We worked with the cybersecurity professionals on our advisory council, our internal experts and others to sift through glossaries, textbooks, and courseware to determine which key concepts were critical for informing the efforts of legislators, journalists, authors, speakers, keynoters, pundits, tweeters, bloggers, lawyers, politicians, and your relatives who post nutty stuff on Facebook; basically, anyone who wants to ensure they use these terms correctly. It’s now here. Make sure you have your own copy. Download it here, or get your very own printed booklet from the friendly (ISC)² folks at upcoming cybersecurity events.