Searching Google for a definition will almost undoubtedly return multiple definitions for the same term. And it isn’t just Google returning too many definitions. Many organizations that create glossaries for their documents are very sloppy with their terms – even the US’ National Institute of Standards and Technology!
Just because someone wrote a definition, that doesn’t mean its correct. Heck, if the United States’ own National Institute of Science and Technology can write some pretty bad definitions in their glossaries – anyone can write bad definitions in theirs.
Here are some forms for you to use when examining various definitions. We’ll use these forms to examine a few terms below.
Term | Definition | Question | Y/N | Reason |
Does the definition begin with the category, or properties and features shared by other concepts or things like it? | ||||
Does this categorization make sense? Is the categorization blatantly wrong? | ||||
Does the definition continue with what makes this concept or thing is different than the other members of its category? | ||||
Do all of those things that make it different belong to this concept? |
Term | Definition | Question | Y/N | Reason |
Does the definition list as many objects, properties, or features as necessary that represent the concept or thing being described? | ||||
Do some of the items in the list not fit with the other items in the list? | ||||
Does the definition explain how those objects, properties, or features fit into a more generalized category? |
Term | Definition | Question | Y/N | Reason |
Does the definition begin with the setting, how the term is used in the document(s) it is drawn from, or the audience it is aimed at? | ||||
Does the definition that setting into the context of the category, or properties and features shared by other concepts or things like it? | ||||
Does this categorization make sense? Is the categorization blatantly wrong? | ||||
Does the definition continue with what makes this concept or thing is different than the other members of its category? |
Term | Definition | Question | Y/N | Reason |
Does the definition begin by describing this particular concept or thing as a part of a greater whole? | ||||
Does the definition continue with the category that greater whole fits into? | ||||
Does the definition add what makes this concept or thing different than the other parts of the same greater whole? |
Term | Definition | Question | Y/N | Reason |
Does the definition begin by explaining what the concept or thing does? | ||||
Does the definition continue by explaining how that role fits into a larger category with properties and other functions like it? | ||||
Does the function belong to this category? |
Term | Definition | Question | Y/N | Reason |
Does the definition begin with the category, or properties and features shared by other concepts or things like it? | ||||
Does the definition continue with what makes this concept or thing is different than the other members of its category? | ||||
Does the definition provide additional classification, history, etc. about the concept or thing for elucidation purposes? |
Term | Definition | Question | Y/N | Reason |
Does the definition begin with the category, or properties and features shared by other concepts or things like it? | ||||
Does the definition continue with what makes this concept or thing is different than the other members of its category? | ||||
Does the definition continue with the theory of why this concept or thing fits into the category or why the differentiators are important? |
In researching terms relating to cybersecurity (a topic very close to our organization’s heart), we found that everyone agrees on what the definition of cyber means, there are two different definitions of security, and eight definitions of cybersecurity.
So let’s go through the process of analyzing their definitions using the rules for testing the definitions that we listed above.
Term | Definition | Intensional Questions | Y/N | Reason |
cyber | The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions. | Does the definition begin with the category, or properties and features shared by other concepts or things like it? | Y | That’s the part in the definition where it says “interconnected information infrastructure of interactions” – cyber at Dictionary.com reiterated the computer-connectedness of the category. |
Does this categorization make sense? Is the categorization blatantly wrong? | Y | Absolutely. | ||
Does the definition continue with what makes this concept or thing is different than the other members of its category? | Y | It includes, mostly, the gamut of who and what is interconnected. | ||
Do all of those things that make it different belong to this concept? | Y |
So we know that cyber works. The category works, the specifics work.
We recently ran into two different definitions of security in two different glossaries. Both were much wordier than the dictionary definition of security. One, though wordy, was a good definition. The other, also wordy, had the wrong category altogether.
Term | Definition | Intensional Questions | Y/N | Reason |
security (dictionary) | Any measure that makes safe, protects, or defends something or someone. | Does the definition begin with the category, or properties and features shared by other concepts or things like it? | Y | The category here are all measures. |
Does this categorization make sense? Is the categorization blatantly wrong? | Y | |||
Does the definition continue with what makes this concept or thing is different than the other members of its category? | Y | Measures that make safe, measures that protect, measures that defend. Three differentia. | ||
Do all of those things that make it different belong to this concept? | Y | |||
Functional Questions | ||||
security (glossary 1) | A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach. | Does the definition begin by explaining what the concept or thing does? | Y | It explains how the condition of being secure is met through the various protective measures. |
Does the definition continue by explaining how that role fits into a larger category with properties and other functions like it? | Y | The second sentence is about all of the properties of “protective measures” that can be included. | ||
Does the function belong to this category? | Y | |||
Intensional Questions | ||||
security (glossary 2) | The protection of computer facilities, computer systems, and data stored on computer systems or transmitted via computer networks from loss, misuse, or unauthorized access. Computer security, as defined by Appendix III to OMB Circular A-130, involves the use of management, personnel, operational, and technical controls to ensure that systems and applications operate effectively and provide confidentiality, integrity, and availability. | Does the definition begin with the category, or properties and features shared by other concepts or things like it? | Y | It does begin with a category but see below. |
Does this categorization make sense? Is the categorization blatantly wrong? | N | If you read the second sentence, it says computer security. So when you go back and re-read the first sentence, the category makes sense if it was computer security but doesn’t make sense as a broad definition of security. |
Much like the definition of security, we found multiple definitions of cybersecurity. It’s almost laughable that each and every glossary we encounter with cybersecurity in it, we encounter yet another different definition of the term. Let’s put the definitions to the test.
Term | Definition | Intensional Questions | Y/N | Reason |
cybersecurity (glossary 1) | Any measure used to protect or defend the use of cyberspace from cyber attacks. | Does the definition begin with the category, or properties and features shared by other concepts or things like it? | Y | The category here, like with the first definition of security, is measures specific to cyberspace. |
Does this categorization make sense? Is the categorization blatantly wrong? | Y | |||
Does the definition continue with what makes this concept or thing is different than the other members of its category? | Y | Measures that protect and defend against cyber attacks. The measures fit the category. | ||
Do all of those things that make it different belong to this concept? | Y | |||
Intensional Questions | ||||
cybersecurity (glossary 2) | The process of protecting information by preventing, detecting, and responding to attacks. | Does the definition begin with the category, or properties and features shared by other concepts or things like it? | Y | The category is about the process of protecting, information. |
Does this categorization make sense? Is the categorization blatantly wrong? | N | It begins with a general security category of protection but skips the whole cyber aspect of it. | ||
Does the definition continue with what makes this concept or thing is different than the other members of its category? | Y | It has the differentiator of “preventing, detecting, and responding to attacks” | ||
Do all of those things that make it different belong to this concept? | N | The differentiators are coupled with information protection. This really says that the definition is about information security and not cyber security. | ||
Functional Questions | ||||
cybersecurity (glossary 3) | The protection of information assets by addressing threats to information processed, stored, and transported by internetworked information systems. | Does the definition begin by explaining what the concept or thing does? | Y | Addressing threats to processed, stored, and transported information. |
Does the definition continue by explaining how that role fits into a larger category with properties and other functions like it? | Y | It links these as a part of internetworked information systems. | ||
Does the function belong to this category? | Y | As we learned with the term cyber, internetworked information systems fits that category. |
Analyzing definitions isn’t that hard. Look for the term to fit a general category. Look for the differentiators. Follow the other questions for each of the definition types. You’ll be fine.