The role of the CISO, and of other InfoSec professionals, has morphed into a critical business function. One should expect to be involved in “business” discussions often, and at higher levels. Understanding and speaking the language of business is more important than ever for the success of any InfoSec professional. Knowing basic business lingo is also crucial for effective communication inside an organization.
Following is a list of basic terms that every InfoSec professional should understand, at least at a basic level. It is a draft list and I intend to update it later on. However, it provides a good starting point. Clicking on the links will take a reader to the relevant Wikipedia pages for more information.
- Accounting and Finance – These terms are crucial for creating a business case, justifying security expenses, and conversing with business leaders. Present/Future Value, Amortization, CAPEX and OPEX, Depreciation, Cash Flow, Net Present Value (NPV), Payback Period, Income Statement (aka Profit and Loss statement or P&L), Balance Sheet, EBITDA, Bottom Line (or net income), Book Value
- Business Management – Have you ever had a discussion with your CEO or board members? These terms will definitely help. Working Capital, Benchmarking, Business Process Outsourcing (BPO), Compound Annual Growth Rate (CAGR), Supply Chain, Deming Cycle, Fiscal Year, Fixed and Variable Costs, GAAP, KPI, Return on Investment (ROI), SWOT Analysis
- Stock Market – If one is working in a public company, knowing these terms will definitely enhance credibility. Market Capitalization, Quarterly/Annual Reports (8-K, 10-K, 10-Q), Dividend, Options, Futures (or futures contracts), SEC, NYSE, Hedge Funds, Insider Trading, Venture Capital, Stock Ticker
- Marketing and Sales – Impressions, CTR (Click-Through Rate), Conversion Rate, Bounce Rate, Infomercial, SEO, Cost Per Impression (CPI), Cold Calling
- Legal – Trademark and Service Mark, Copyright, Patents, Deposition, Plaintiff, Jurisdiction, Discovery, Class Action Lawsuit
In addition to the above, there are many other terms specific to different industry sectors. For example, the insurance industry has its own terminology, such as “liability coverage”, that an InfoSec professional should learn. The same is true for manufacturing, banking, retail, government, and other industry sectors.
I am sure I have missed many others. If a reader feels strongly about any terms (or categories) that should be part of this list, please send your suggestions. Download the PDF version of this mind map from this link.