So today I would like to take an original perspective on IAM: I will take the lenses of a lexicographer. Lexicographers are those people who write dictionaries. So here is my hidden agenda for today. First of all, I would like to brainwash all the audience to profoundly convince you that the most important challenge that the IAM industry has to face now is to develop an accurate dictionary of IAM terminology. And then I will present to you the tome project, which is one humble proposition on my part to address this challenge.
Finally, I will show you a number of practical outcomes that we developed using this tome methodology. So, first question, quickly: do you believe that IAM is a field of special knowledge or a field of expertise? So of course you will all say yes, because we are IAM professionals, but it should not be a shy yes, it should be a big, resounding yes.
Why is that? Because we have more than 60 years of academic research in the field, the same number of years of industrial innovation, a vibrant community with many researchers, professionals, and so on and so forth. So together we built a mountain of knowledge and we should be extremely proud of it. Second question: do you believe that we have today an accurate IAM terminology? And the answer is no. Why is that? Because it is extremely fragmented. We have a few lexicons there.
We have some nice technical definitions in standards here and there, but it is all piecemeal, very inconsistent.
A lot of IAM terminology is to be found, of course, in academic works, as we will see later on. Third question: how important do you believe that having an accurate IAM vocabulary is? And my answer is that it is vital. So I remember many years ago I studied management and program management. Later on, I moved into management, and both in theory and practice, we learned that the most important thing is communication.
And yet what is the foundation of communication? It's words, it's concepts and definitions, in such a way that we enable an accurate communication about what we are talking about and whatever we are doing in IAM. Whatever we're doing, whether we are doing academic research, selling professional services, designing products and services, or if you are, like me, an IAM manager trying to run and execute an IAM program and project, or to coach new people into the industry and train them, what you need, the single most important thing, is an accurate vocabulary.
So here comes the tome project.
Basically, what it is, it is a methodology that has been founded on standard lexicographic science and art. We built a bibliography, a highly extensive bibliography of IAM, and built what lexicographers call a corpus, which is a big database of IAM-related text. This allows us to create from those sources a dictionary, and it is published on a wiki that is open to the public, that is perpetually free, and where I would like to have the community collaborate.
It is owned by the Open Measure association, that is nonprofit, which provides some level of guarantee that it is independent and agnostic.
So what is a good definition for a term or a concept? We are not going to have enough time to cover this topic, but what happens often is that people get emotional about what a term should mean. They feel that they own the right definition of a term or concept, and then they fight against others to impose their view of what that term should mean. If this is your frame of mind, then you would be a very bad lexicographer, a very poor one. Why is that?
Lexicography, the development of good definitions, is really not about imposing on others your view of what terms should mean, but rather to listen and to read and to understand what people are trying to mean, and to be interested in those speakers who speak, here in our case, the IAM language. Also, where we often fail poorly in the IAM field, especially for lexicons that are published by people here and there, is that they are, most of the time, not based on a corpus, that is, they are not linked to bibliographic resources from authoritative sources.
So what we do as part of the tome project: we have this methodology with a nice template on how to design good definitions. Just a few points here. It is okay to have a term that will contain multiple definitions. This happens all the time in language. This is normal, but it is extremely important that the definitions that we provide for IAM terms be related to authoritative sources, quotes from our corpus. What we've done with the tome project is to enrich our IAM definitions with conceptual diagrams. This helps people gain a visual understanding of a concept.
Of course, it simplifies the concept a little bit. So it is a synthesis, but nevertheless, it is a very nice learning tool. Okay. So enough theory now, and let's go deep into practice and let's have a look at a few simple entries from the Open Measure dictionary and see how it looks.
So it is impossible to put a single entry on a PowerPoint slide. Why is that?
Because all these components, the bibliography, the quotes from the references, the sample usage, the multiple definitions and so on and so forth, are just too much information for a single PowerPoint slide. But I will show you a few examples. These are just small extracts from online definitions, and then you can click on the link to view more information. So for example, this is the concept of credential that is depicted here. It is basically a data structure, this is the larger class that it belongs to, that vouches for the identity of an entity.
This is what we see on the conceptual diagram on the right. And it takes various forms. It can be logical, physical. There are varying lifecycles that are possible for credentials. It may be permanent.
Okay, let's cover a few other ones. What is an account takeover? Let's just look at the right side, to the conceptual diagram. It is part of a larger class we call an identity theft. An account takeover is committed by a perpetrator who takes control of an United identity that is owned by a distinct victim, dumb for use motivations for the perpetrator. And an account takeover is, in general, illegal.
What is a privilege abuse? Well, it is part of a larger class called an insider threat, that is itself part of a larger class called a threat.
It consists in an abusive usage of effective access permissions. One particular aspect of a privilege abuse as it is documented in the is that it is intentional. We know a number of countermeasures that may help to counter privilege abuses. And there are two subclasses to this issue, excessive privilege abuse and legitimate privilege abuse, that are distinctively defined. What is a zombie account? A zombie account is part of a larger concept called fake digital identity. It is linked to a zombie account manager who controls it.
The zombie account manager is an unauthorized entity. The zombie account is used to perform actions, including social engineering or masquerading, praise or criticism of ideas, products, brands, and so on and so forth. This leads to disinformation flow, or it may be leveraged as part of a larger attack. We know also a number of countermeasures, and because the zombie account manager tends to continuously adapt to avoid prevention and detection, we end up in a cat-and-mouse game. Zombie accounts tend to proliferate on systems that have open subscriptions, such as social networks.
Okay. I think you got the point. I'm not stating here that these definitions are perfect, but they are well structured. And how could we improve them? I need for that, your help, the help of the community. I will not go into all the details for the remaining definitions that I gave as samples in the presentation.
So we have, for example, here, segregation of duties, role explosion, external authorization, externalization, which is an architectural design pattern or the tranquility property that has been very nicely documented in the, and that is linked to access management in relation to data classification.
So you will find here the link to the dictionary, and the LinkedIn feed where we publish definitions when they're good enough for larger publication. Now, what I need from you.
I think that as a community, we deserve to have a great, extensive and accurate dictionary to help us have great communication with our stakeholders, both within the community and with the outside world. We could do that, I think, if we contribute and do it together. Alone, I have no way to succeed doing all this, because I estimate that there are several hundreds, if not perhaps thousands, of terms and concepts in IAM that should be documented. So if you just want to be a user, you can freely use the dictionary online. Just go use it, promote it.
And if some entries are missing, because there are only a few now, just contact us and let me know, and I will do all my possible to increase and enrich the dictionary.
If you would like to contribute as an author, you would be warmly welcomed, come with your expertise.
I can give you lists of terms to define, with bibliographies where to find more information about them, and your contribution will be most welcome. If you would like to help as a reviewer, you will be most welcome as well. And of course, if you would like to donate us some money to enrich our corpus, purchase online books, academic articles, and to run the IT that is necessary for our wiki, you will be, of course, absolutely most welcome to do that.
As a final conclusion, there are so many words, terms and concepts that require an accurate definition for us to work properly and to communicate properly about what we are doing. So don't feel shy, and please reach out to me and become part of this adventure. And I've done a miracle, which is to say that I've done it exactly, I think, in less than 17 minutes.