Quantifying the Growth of IT Security
Language as a Reflection of Our Current State of Cybersecurity
Since 2006, there's been a 150 percent increase in cybersecurity, give or take a few percentage points. Huh?
Coming up with a specific figure to quantify the growth of information security seems to be an impossible task, but it isn't hard to show the increase in the terminology used to describe IT security and risk management by those who write guidance to secure IT systems and data. The number of information security and risk management terms employed in government IT security guidance has soared by about 150 percent in the past six years.
In 2006, the National Institute of Standards and Technology issued its first Glossary of Key Information Security Terms, an 87-page document defining 566 words and phrases. Earlier this month, NIST issued a 222-page draft of Interagency Report 7298 Revision 2 with definitions for 1,406 terms. The final version of Revision 2 is expected to be published in early 2013 [see NIST Revising Glossary of Infosec Terms]. Revision 1, issued in 2011, defined 1,379 terms.
According to the lexicon's editor, Richard Kissel, among the terms in what will be the 2013 version of the report that weren't included in the original publication are active attack, active security testing, advanced persistent threat, adversary, cyberattack, cyber infrastructure, cybersecurity and cyberspace.
It's not that some of these terms didn't exist a half-dozen years ago; they just weren't commonly used, and they didn't appear in government publications offering IT security guidance. The terms Kissel defines are the ones found in NIST publications, as well as those from CNSSI-4009, an information assurance glossary issued by the Defense Department's Committee on National Security Systems, a forum that helps set the federal government's information assurance policy.
The language we use reflects our times, and the increase in the number of terms found in Revision 2 of IR 7298 symbolizes how rapidly, over six short years, information security has grown in importance to how we conduct business.