Can Security Specialists and Enterprise Employees Speak the Same Language?
A new technical style guide could bridge the knowledge gap between IT professionals and their laymen coworkers, increasing the efficacy of enterprise security in the process.
While industry-specific jargon can serve an important purpose in the right context, it can also create gaps in access to information. Cybersecurity is a great example of where this remains a major obstacle: it’s critically important that everyone understands the practice itself, yet it’s often explained with language that’s confusing and exclusionary. When a company’s IT experts fail to communicate properly with their coworkers, the results may jeopardize the security of the whole enterprise.
The new Bishop Fox Cybersecurity Style Guide hopes to minimize the risk of such miscommunication. Written by technical editor Brianne Hughes, the guide democratizes information by providing an easy-to-understand set of rules for using IT-specific terms.
With the intention of offering more of a style guide than a dictionary, Hughes includes many relevant terms, but only defines those that are particularly tricky. She clarifies specific technical phrases like clickjacking (“In formal writing, we refer to this finding as ‘user interface (UI) redress.’ It’s also called ‘cross-frame scripting’”), and acronyms like DMARC (“Domain-based Message Authentication, Reporting and Conformance”). Some entries also include a section for related terms, which can work as a cross-referencing tool for IT newbies to deepen their understanding of their work.
The guide’s primary purpose is to establish universal usage guidelines. It even addresses the use of contended and ambiguous terms like “dark net,” the entry for which reads: “This nebulous term, along with ‘dark web‚’ and ‘deep web,’ are written and used inconsistently to refer to online black markets. Better to call it the black market or specify the site or service in formal writing.”
Finding Common Ground
Hughes hopes to promote public access to knowledge of hacking, IT, and cybersecurity. She recognizes that we all have a stake in cybersecurity and can benefit from knowing more about it.
The guide, though intended “for security researchers [and] tech journalists," clearly has applications in enterprise security, where an entire organization benefits from better understanding the world cybersecurity. In fact, companies with employees who fail to understand cybersecurity protocols are putting the entire company, as well as their millions of customers, at risk of a serious breach.
An Intermedia study revealed that 93% of employees “admit to engaging in at least one form of poor data security,” which often springs from a lack of education or a misunderstanding of network policy. These misunderstandings are usually the result of confusing or unintuitive language and they’re actually one of the most common causes of enterprise security failures.
Part of the issue is that cybersecurity pros from company to company — and even from person to person — use different language and terminology to refer to the same things, muddying the waters even further for the rest of the company. However, if IT professionals agree to use the same terms in the same ways, as the Bishop Fox guide proposes, employees across departments will be able to pick up on the real meaning of these important concepts more quickly.
CSO senior writer J.M. Porup says, “For too long, the security field has cultivated and valued technical prowess above all else. But we do not exist in a vacuum. Security work has massive consequences for the rest of society, and we have a responsibility to communicate those consequences to our fellow humans.”
Partners Who Speak Your Language
The release of the new Bishop Fox style guide is an important step toward a more unified understanding of cybersecurity. For an enterprise to guarantee high network and data security, however, the most important tool to deploy is education.
Turn-Key Technologies (TTI) has been educating employees at every level on security best practices for over 20 years — and counting. With a variety of security assessment and network management solutions and a multitude of industry certifications, we help businesses large and small secure their data while optimizing their networks for speed and cost-efficiency.
As a part of our managed services, we’ll help to train your employees on the basics of network security and ensure they have both the knowledge and the tools they need to protect the company’s digital assets.