In the world of infosec, as in many professional fields ranging from IT to healthcare, acronyms are EVERYWHERE. And I mean it. Every single infosec professional should invest in a mechanical handheld tally counter (trust me, it will not bankrupt you; you can easily get one from Amazon for less than a coffee at Starbucks these days…) and count the number of acronyms (s)he uses during at least one day of his or her career. I can tell you with blind confidence that the result will, for one, shock you and, more importantly, make you aware of this weird situation. As always, awareness is the first step toward addressing the underlying issue, and therefore toward providing clearer speech to a more diverse audience. Trust me on this: it will help you harvest trust from your stakeholders, hence strengthening your career in the longer run. Leonardo da Vinci said long ago, “Simplicity is the ultimate sophistication”, didn’t he?
Following this longer-than-usual introduction, let’s get to the point of this article: IP. It is one of those darn acronyms, and I will use it as an example to illustrate how and why we should aim at avoiding them for clarity’s sake…
IP… Two letters that can hold at least three totally distinct meanings for an infosec professional (I will let you extrapolate what this may mean for professionals from other fields… little disclaimer: you might get vertigo from this extrapolation).
– IP as in Intellectual Property. OK, we might have borrowed this one from lawyers. Should this be your first thought when reading IP, it might mean that third-party management / contractual review plays a big part in your agenda.
– IP as in Internet Protocol. In this case you might be an infosec professional who emphasizes perimeter defense, as in network segmentation/filtering or, if I were to use a more trendy buzzword, External Attack Surface Monitoring.
– IP as in IPerconvergence (OK, I stretched this one a bit too much, didn’t I?). This would probably mean you are in a SECOPS position, and your focus might revolve around vulnerabilities, patching and backups.
In this article I chose one acronym and three distinct meanings to illustrate that we infosec professionals ought to be more cautious about acronym usage in our speech, since acronyms might mean different things to different people and therefore result in misunderstanding. Maybe even more importantly, this article should help us remember that infosec is a (wild) wide field, ranging from super deep technical expertise to handling compliance claims with law enforcement agencies or even insurance companies. As infosec professionals, we should aim to keep this broad picture in mind so as to bring a holistic view to our infosec program perspectives/roadmaps.
Did I miss any additional meaning of “IP” relevant for infosec? If so, I would be grateful if you listed it in the comments section below.