In information security, should "semantics" be preceded by "just"?
I have heard and used the term "it's just semantics" many times over my lifetime. And until recently, I attributed the same weight to it as everyone else, namely that semantics is when people argue over the meaning of a word or term, but the argument is essentially meaningless. But does "semantics" deserve the "just" that everyone puts in front of it? And please, follow me here. This is not a discussion of linguistics. I do have a point referring to information security.
As some of you know, I recently had a debate with Douglas Schweitzer over the term bot (links here and here). And though that debate turned into something different than the original argument, I think the distinctions that I made are important (Douglas, I swear I am not trying to restart this debate - these are just some thoughts that came into my tangential mind). Exactness is often very important, and it is even more so when doing security work. You really have to make sure that terms are defined the same across the board if you want to avoid error.
An example would be SIM vs. log management. If a client tells me that they want me to figure out a good SIEM for them, I will ask, "Do you need SIEM with correlation and alerting and all that, or do you just need something to gather your logs?" If he says, "I thought SIEM was log management," then we just avoided a semantic error. If I had just assumed that the client knew what SIEM was, then I could have wasted a lot of his time and mine.
What prompted this post was this article by Adam at the Security Catalyst blog. It struck a chord with me because of some recent "discussions" I mentioned above. Basically, the point Adam is making is over semantics, where someone is trying to make a distinction between the terms "breach" and "incident". Adam says:
I think that making a distinction between breach and incident in this manner is dangerous. While I believe there are indeed differences between breach and incident, I do not agree with the portrayal of each being separate from the other. Instead, a breach is a subset of the overall types of information security incidents that can affect an organization. Other types of incidents can include theft, loss, unauthorized disclosure, denial of service, mistakes, and a whole host of other issues that are too numerous to list. In the end, any occurrence that is contrary to current information security controls is, in effect, an incident. This means that any breach of information systems, past security controls, is in fact an incident.
One thing that we absolutely need to make clear as security individuals is that these “incidents” caused by internal employees are, at the very least, just as dangerous as “breaches” by external attackers.
This really is a great example of what I am trying to say. You will have to read the post to get the full context, but Adam shows clearly that this is someone trying to hijack a term in order to show his company in a more positive light. This type of word play can really cause harm, and it should be shown for what it is when it happens.