The PC World Meets the PC World

Are some common cybersecurity terms racist?  Is the personal computer world being attacked by the politically correct world?  It seems that’s the accusation being leveled against the terms “blacklist” and “whitelist.”

In a recent post, the United Kingdom’s National Cyber Security Centre (NCSC) announced that it is changing the way it talks about the good and the bad in cybersecurity. And it is doing so because it was suggested that certain terms reinforce racism.

In information technology and cybersecurity circles it is fairly common to divide the bad and the good, or the permitted and the restricted, by using “black” for bad and “white” for good. Does this subtly reinforce racism? There are white hat hackers, and black hat hackers, as well as grey hat hackers. There is the Light Side and the Dark Side of The Force.

The NCSC is specifically replacing the terms “whitelist” and “blacklist.” In the illustration above there is also a “grey list.” Does this connote some sort of ageism?

The new terms being recommended are “allow list” and “deny list.”  As much as I am not a PC guy (as in politically correct), the PC guy (as in personal computer) in me thinks that the new terms describe more accurately the nature of these security controls.  Black and white are colors, while allow and deny are conditions.

But it is my hope that we are not forced to endure an endless string of terminology replacement that appears to violate someone’s sense of political correctness.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
