I vividly remember the day when my parents introduced me to the dictionary; it was introduced to me as a surprise one evening. For me, back then, having a book with so many pages was a joy in itself. Every now and then, I would go looking for a word and find its meaning in the dictionary. Humankind has come a long way since then. Today we can carry a dictionary in an "App" and the meanings of words are just a right click away! Sigh, I miss the old days!
All the tools, techniques and technology in the world are nothing without the head, heart and hands to use them wisely, kindly and mindfully.
Fast forward to the cyber age and I still believe in the power of the dictionary as an aid to help build "trust" (mind the power of this word) by:
- Getting everyone to understand the true meaning of a word;
- Absorbing the meaning in our brain;
- Applying the meaning in the context;
- Asking questions to understand the meaning better; and
- Understanding the nuances of words with similar meanings.
I have often witnessed situations where people have grossly misunderstood cybersecurity terms, which then led to an incorrect understanding and further led to incorrect decision making.
This gets us to the question: how can we bring everyone up to speed and have a common minimum understanding? The answer is simple: build your own dictionary that defines cybersecurity terms and (hopefully) get people to use it.
To build your dictionary, begin with 1) identifying key terms that are hidden in your policies, 2) identifying terms that your users often ask questions about and 3) identifying terms that are questioned by your management and the Board.
Make a list of the terms, and start defining them, but consider the following:
1) Definitions should be simple and easy to understand. Explaining the complex in simple terms without losing meaning is hard, but I have faith in you!
2) Add a reference to an authoritative source, so your readers know you are adhering to some sort of standard and not just making things up.
3) Provide references to the context of your environment, without divulging any confidential information.
4) Have a representative sample of users proofread the terms.
5) Keep updating it periodically.
Once you have it ready, start sharing it with your users. Have copies printed and carry them to key meetings - such as your reviews with the Board. Get people to open it up by referencing it in your communications. Have it read by all of your users during training. Share it within your community and make sure it's on the desks of key people, i.e. CxOs, Support Functions, etc.
I believe this initiative will definitely help your organisation champion the cause of cybersecurity and begin to build an awareness among your users that will ultimately help in building a secure organisation.
With those ideas, I want to end this post with a food-for-thought quote:
If the reader needs a dictionary to read your book then the dictionary may turn out to be a more interesting read. - Kevin Scott
Think through and build a cybersecurity dictionary that is unique to your organisation and your operating environment for the win!