Information Security Technology Glossary

Access Controls: The technology, processes, and procedures used to limit and control access to information technology (IT) resources; these controls are designed to protect against unauthorized entry or use.

Accounts: User accounts are the means by which real people gain access to a computer system; they separate each user's activities from the system environment and from other users, preventing damage to the system or to other users. User accounts are assigned a username

Active Directory: A directory service created by Microsoft that stores, organizes and provides access to institutional credentials and related directory information. It is responsible for authenticating and authorizing user requests for domain resources.

Active Directory Domain: A logical group of network objects (servers, workstations, and users) that share the same Active Directory database.

Active Directory Trust: A directional relationship between Active Directory domains that allows authenticated users from a trusted domain to access resources in the domain that trusts it.

Administrator: See System Administrator

Authentication: The act of verifying the identity of a user and the user’s eligibility to access computerized information.

Authorization: The function of specifying access rights to resources.

Availability: The property that a system and its data are accessible and usable when required by authorized users.

Business Continuity Plan (BCP): A document describing how an organization responds to an event to ensure critical business functions continue without unacceptable delay or change.

CAS: Central Authentication Service, a single sign-on system that permits a user to access multiple applications after providing their username and password only once.

Chief Information Security Officer (CISO): Head of the Information Security Office

Compromised Computer: Any computing resource whose confidentiality, integrity or availability has been adversely impacted, either intentionally or unintentionally, by an untrusted source. A compromise can occur either through manual interaction by the untrusted source or through automation.

Computer Maintenance: Tasks that must be performed on computers in order to keep them running at optimal efficiency. These tasks include applying security patches, running and maintaining antivirus software, and keeping the computer and data secure.

Confidentiality: The property that information is not disclosed to unauthorized people, processes or systems.

Credit Card Data: Data that identifies a credit card account. This data includes primary account numbers (PAN), service codes, expiration date, magnetic stripe or storage chip data, and card validation codes.

Critical Systems And Data: Systems and data that are essential to the operations of the University or of a specific department.

Data: Records and information in a form suitable for use with a computer.

Data Administrators: People who are responsible for applying appropriate controls to data based on its classification level and required protection level. These people are usually system administrators.

Data Consumer: People that read, enter, or update data.

Data Restoration Procedures: The process used to reinstate data that has been backed up.

Data Stewards: People with the responsibility of ensuring the proper handling of administrative, academic, public engagement, or research data.

Desk Audits: The act of reviewing documentation to verify technical and procedural details.

Development Environment: A software staging system, where development takes place, that is separate from the production system.

Disaster: A negative event that lasts longer than the maximum tolerable downtime.

Disaster Recovery (DR) Plan: A document that outlines how the University will respond to a disaster and resume critical business functions within a predetermined period of time with minimum amount of loss.

Electronic Protected Health Information (ePHI): Electronic confidential patient information that must be secured against unauthorized exposure as per HIPAA.

Encrypted Data: Data that has undergone the process of encryption.

Encryption: A technique that transforms plaintext into ciphertext that is unintelligible to anyone who does not hold the corresponding key, but recoverable by anyone who does.

Encryption Key: The secret value supplied to an encryption algorithm that determines how data is encrypted and, for decryption, how it is recovered.

File Auditing: The logging of opening, modifying, or deleting files on a computer.

File Sharing: Distributing or providing access to electronic data files, usually via a network connection.

Firewall: A network device or software that permits or blocks network traffic to and from Information Technology resources according to a defined set of rules.

HIPAA: The Health Insurance Portability and Accountability Act, which addresses the security and privacy of health data.

Incident: An attempted or successful event resulting in unauthorized access, use, disclosure, modification, or destruction of information or interference with systems operations in an information system.

Information Security: Administrative, physical and technical controls that seek to maintain confidentiality, integrity, and availability of information.

Information Security Awareness Training (ISAT) Program: Training of University faculty and staff regarding the protection of various information technology resources.

Information Security Office (ISO): The unit responsible for overall information security functions for the University.

Information Technology: The management and use of technology, including computer software, information systems, computer hardware, and programming languages.

Information Technology (IT) Resources: Tools that allow access to electronic technological devices, or that are electronic technological devices themselves. These resources include data; computers and servers; desktop workstations, laptop computers, handheld computing and tracking devices; cellular and office phones; network devices such as data, voice and wireless networks, routers, switches, and hubs; and peripheral devices.

Insecure Communication Networks: Data networks that are designed without security requirements in mind.

Integrity: The property that information and information technology resources are accurate and complete and have not been altered in an unauthorized or undetected manner.

Live simulations: Imitating certain events in order to help test processes and procedures.

Log Harvesting: IT resources used to collect logs from various information technology (IT) resources.

Logging: The process of electronically recording activities of IT resources.

Malware: Malicious software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to information technology (IT) resources.

PCI-DSS: An IT standard for organizations that handle credit card data.

Personally Identifiable Information (PII): Data that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.

Production Environment: The final stage of software development or network planning, in which the product is rolled out to users.

Protected Health Information (PHI): Confidential patient information that must be secured against unauthorized exposure as per HIPAA.

Public computers: Computers that may be used by anyone in the general public.

Recovery Point Objective: The maximum tolerable period in which data might be lost from an IT Service due to a breach or malfunction.

Recovery Time Objective: The duration of time and a service level within which a resource must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in availability.

Regulated Data: Information whose distribution is governed by permission constraints: some users have access while others do not.

Remote Desktop: The ability to view the screen of, and control the keyboard and mouse of, a computer from a remote location.

Risk Assessment: An analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of IT resources.

Security Vulnerability: A security exposure in an operating system or other system software or application software component which an attacker can exploit to gain access to the system's programs or data.

Server: A computer that makes services such as access to data files, programs, and peripheral devices available to workstations on a network.

Screen Lock: An automatic lock of a computer such that it may not be accessed without a username and password.

Shibboleth: A method of allowing sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.

Software Patches: A piece of software designed to fix problems with, or update, a computer program or its supporting data.

Spam Messages: The use of electronic messaging systems (e.g., email) to send unsolicited bulk messages indiscriminately.

Strong Password: A password that requires extensive resources to guess, whether by brute-force algorithms or by human common sense (dictionary words, names, and predictable patterns).
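The Strong Password entry names two distinct ways a password can fail: exhaustive search and an informed guess. The following added example, which is not part of the original glossary, makes both measurable. It estimates the brute-force search space from the character classes used and the length, converts that to a worst-case cracking time at an assumed offline guess rate, and separately checks whether the password is a trivially disguised common word. The word list, the 60-bit threshold and the 10 billion guesses per second rate are assumptions chosen for illustration.

```python
# Added illustrative example (not from the original glossary): estimates the
# brute-force work a password forces on an attacker and applies a simple
# "common sense" check against a constructed list of common passwords.
# The threshold, guess rate and word list are assumptions for illustration.
import math
import re

# Constructed sample of common passwords; real deployments use a large breach list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "monkey", "dragon"}

PUNCTUATION = 33  # printable ASCII characters that are neither letters nor digits


def charset_size(password: str) -> int:
    """Size of the smallest standard character set that covers every class used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += PUNCTUATION
    return size


def brute_force_bits(password: str) -> float:
    """log2 of the space an attacker who knows only length and character classes must search."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def seconds_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to try the whole space at an assumed offline cracking rate."""
    return 2 ** brute_force_bits(password) / guesses_per_second


def guessable_by_common_sense(password: str) -> bool:
    """Dictionary check after undoing the usual disguise: "Password1!" -> "password"."""
    base = re.sub(r"[\d\W_]+$", "", password.lower())
    return base in COMMON_PASSWORDS or password.lower() in COMMON_PASSWORDS


def is_strong(password: str, min_bits: float = 60.0) -> bool:
    """Strong only if it resists both an informed guess and brute force."""
    return not guessable_by_common_sense(password) and brute_force_bits(password) >= min_bits


if __name__ == "__main__":
    for candidate in ["abc123", "Password1!", "correct horse battery staple"]:
        print(f"{candidate!r}: {brute_force_bits(candidate):.1f} bits, "
              f"{seconds_to_exhaust(candidate):.3g} s to exhaust, "
              f"strong={is_strong(candidate)}")
```

The instructive case is "Password1!": it uses all four character classes and scores above the brute-force threshold, yet it is rejected because stripping the trailing digit and symbol leaves a dictionary word. Composition rules alone do not make a password strong; the check has to model how people actually choose them.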

System Administrator: A person employed to maintain and operate a computer system or network.

Tabletop Testing: A gathering of relevant individuals to review a specific process in order to improve or update the process.

Test Environment: A staging area for software development or network construction where the product is stress-tested and bugs are tracked before final deployment.

Third Party: Not the original creator of a product.

Threat: An action or event that poses a possible danger to a computer system; the potential for exploitation of a vulnerability.

Unencrypted Data: Plain text data that has not undergone the encryption process.

Users: People authorized to use information technology (IT) resources.

Virus: Malware that uses its host to propagate itself to other hosts.

Walkthroughs: A simulation of a process via a gathering of individuals in order to test and improve the process.

Whole Disk Encryption: Process by which the entire hard drive of a computer is encrypted.