A Glossary of Information Security Terms
Information Security Glossary – Terms To Know
The following terms relate to information security and technology systems.
Access Controlled Environment - a secure location with appropriate environmental controls (power, cooling, fire protection) in place that is accessible only to authorized personnel who have a demonstrated business need to access the systems housed there.
Account - an identity issued to a user (an individual or a group) which, together with credentials such as a user name and password, grants defined and limited access to a computer network or system.
Anti-Virus Software - software designed to detect, block and remove computer viruses and other malicious software before they can damage a computer's software, data or operation.
Anti-Virus Updates - regularly released definition (signature) files that teach existing anti-virus software to recognize newly discovered viruses; anti-virus software with out-of-date definitions offers little protection against new threats.
Attack - an attempt, by an outsider or by an insider acting beyond their permissions, to gain unauthorized use of, or to disrupt, a computer network or system.
Attacker - the individual, entity or group that attempts to gain unauthorized access to, or to deny authorized access to, a computer network or system.
Authentication - the process of confirming a user's identity through something the user knows, has or is:
- A personal identification number (PIN) (something the user knows)
- A user name and password combination (something the user knows; the user name identifies the user, the password is the secret)
- A photo identification card, hardware token or similar tangible item presented to confirm identity (something the user has)
- A fingerprint, voice pattern, retinal pattern or similar characteristic that is unique to one person (something the user is)
Requiring two different kinds of factor, for example a password plus a one-time code from a token, is multi-factor authentication and is stronger than any single factor on its own.
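The following is an added example, not part of the original glossary, showing how a login check can require two of the factors listed above: a password (something the user knows), stored as a salted PBKDF2 hash, and a time-based one-time code from an authenticator app (something the user has, RFC 6238 TOTP). The user record, password and TOTP secret are constructed for the demo; the secret is the published RFC 6238 test secret, used only so the codes can be checked against the RFC's vectors.

```python
"""Two-factor login check: password (knowledge factor) plus TOTP code (possession
factor).  Added example with a constructed user store; not from any real system."""
import hashlib
import hmac
import os
import struct
import time
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # assumed work factor; raise as hardware allows


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). A random per-user salt defeats precomputed hash tables."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the hash and compare in constant time (no early exit on mismatch)."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)


def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password: HOTP over the time counter."""
    counter = timestamp // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, timestamp: int, window: int = 1) -> bool:
    """Accept the current code or one step either side, to tolerate small clock drift."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, timestamp + drift * 30)
        if hmac.compare_digest(candidate, code):
            return True
    return False


# Constructed user store.  A real deployment keeps this in a database with the
# TOTP secret encrypted at rest; the secret here is the RFC 6238 test value.
DEMO_SECRET = b"12345678901234567890"
_salt, _hash = hash_password("correct horse battery staple")
USERS: Dict[str, dict] = {
    "alice": {"salt": _salt, "hash": _hash, "totp_secret": DEMO_SECRET},
}


def authenticate(username: str, password: str, code: str,
                 users: Dict[str, dict] = USERS, timestamp: Optional[int] = None) -> bool:
    """Both factors must pass.  Both are always evaluated so that response time
    does not reveal which one failed."""
    if timestamp is None:
        timestamp = int(time.time())
    user = users.get(username)
    if user is None:
        # Do the same amount of work for unknown users so they are not faster to probe.
        hash_password(password, b"\x00" * 16)
        return False
    know_ok = verify_password(password, user["salt"], user["hash"])
    have_ok = verify_totp(user["totp_secret"], code, timestamp)
    return know_ok and have_ok


if __name__ == "__main__":
    now = int(time.time())
    print("login with both factors:", authenticate("alice", "correct horse battery staple", totp(DEMO_SECRET, now)))
    print("login with password only:", authenticate("alice", "correct horse battery staple", "000000"))
```

The password check and the code check each use a constant-time comparison, and the unknown-user path burns the same hashing cost as a real check, so neither the response nor its timing tells an attacker which factor was wrong or whether the account exists.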
Authorization - the act of granting a user, process or device permission to access a resource or perform a specific action. Authorization follows authentication: a user whose identity has been confirmed may still require separate authorization to perform a particular task.
Availability - the assurance that systems and information are accessible and usable by authorized users when they are needed.
Banner - a Sungard administrative software product made up of separate modules that share information through an integrated online system and can be used independently or together.
Business Continuity - the ability to keep delivering business services on time and without disruption even when a system is damaged or lost.
Breach - unauthorized exposure of protected data, including exposure to a legitimate user of the system who is not authorized to see that particular data.
CIO - Chief Information Officer
Compromise - a term closely related to breach; a system is compromised when an attacker has gained unauthorized access to or control over it, whether or not data has yet been exposed.
Confidentiality - the assurance that information is disclosed only to those authorized to receive it; the degree to which a system protects its information from unauthorized disclosure.
Confidential Data/Confidential Information - data held in a system or network that must be protected from unauthorized disclosure, such as information that could be used for identity theft.
Custodian - the person responsible for the day-to-day handling of data on a system: implementing controls, providing safeguards to protect the information, and assisting the data owner in evaluating whether those controls are cost effective.
Data - information represented in a form (numbers, text, bits) that is convenient for storage, transmission or processing by a computer.
Data Center - the area or facility where data is stored and processed, usually a facility that houses servers and networking equipment.
Device - equipment that stores or processes data, including computers, handheld devices such as PDAs, and portable media such as CDs, USB drives and diskettes.
Disaster Recovery - the plans and procedures for restoring systems and data after the loss of, or damage to, a system.
Electronic Communication - the exchange of information by electronic data transmission, such as e-mail or instant messaging.
Encrypted - data that has been transformed so that only an individual or system in possession of the correct key can recover it. The algorithm is normally public; the secrecy rests on the key.
Encryption - the process of transforming data with an algorithm and a key so that anyone who does not hold the key cannot read it. The secret value that controls the transformation is the key, not the algorithm; the unreadable output is called ciphertext, and decryption with the key restores the original plaintext.
Firewall - a device or software that controls traffic between networks or hosts according to a set of rules, permitting some connections and blocking others.
Firewall Appliance - a dedicated hardware device that provides firewall protection to the network or systems behind it.
Host Based Firewall Software - software running on an individual computer that filters traffic to and from that computer; it protects only that host, and only while the host and the firewall software are running.
Internet Native Banner (INB) - the forms-based interface to Banner used by staff who maintain (enter and update) institutional information.
Incident - a reported or suspected security event, such as a breach or compromise of a system or network, that is investigated and followed up.
Integrity - the assurance that information is accurate and complete and has not been altered without authorization.
Log - an electronic record of activity on a computer or network, such as logins, connections or errors, kept for troubleshooting and security review.
Merchant - any unit that accepts payments in the form of cash, credit cards, services or gifts.
Merchant Account - the account, identified by a merchant number, assigned to a merchant to record and settle payments accepted for goods or services.
NAC - Network Access Control; checking a device's identity and security state (for example, patch level and anti-virus status) before it is allowed onto a network.
NAT - Network Address Translation; rewriting the IP addresses in packets at a network boundary so that many devices with private internal addresses can share one or a few public addresses.
Network - a set of electronic devices and the communication paths that connect them, allowing them to exchange data.
Networked Device - any piece of equipment connected to a network.
Non Compliance - failure to comply with a policy, standard or requirement.
Offsite - a location away from the primary site or network, for example where backup copies are stored.
Patches - updates to application software or an operating system that correct defects, including security vulnerabilities; applying them promptly closes known holes before they can be exploited.
Personally Identifiable Information (PII) - information that can be used, alone or in combination with other data, to identify a specific individual, such as a name together with a Social Security number, date of birth or financial account number; a category of confidential information.
POP3 - Post Office Protocol version 3, used by an e-mail client to retrieve messages from a mail server. Plain POP3 sends the user name and password unencrypted, so it should be used over an encrypted connection (POP3 over TLS/SSL).
Portal - a web site that provides a single point of access to information and services for a community of users, typically after the user logs in.
Scan - a series of probes sent to a device to learn which network services it offers or other information about it, and to identify weaknesses; scans often precede an attack.
Security Breach - see Breach.
Server - a dedicated system that provides services or data to other computers (clients), whether those clients are inside or outside its own network.
Site Licensed - software licensed for use by everyone at an institution (a site) rather than per copy, typically at little or no cost to individual users.
Self Service Banner - the web-based interface to Banner through which individuals view their own information and complete routine actions without staff assistance.
Unit - any operating unit, such as a particular department, business center or school.
University Network - the wired and wireless networks operated by the university that connect its devices and provide access to its resources and to the Internet.
University Resource - data, information or systems owned by the University.
User - anyone who uses or controls a system, network or other electronic data resource.
Virtual Private Network - an encrypted connection carried over a shared or public network, such as the Internet, that links two computers or networks as if they were on one private network, protecting the traffic from eavesdropping and tampering while in transit.
Vulnerability - a flaw or weakness in the hardware, software or configuration of a device that could be exploited to gain unauthorized access or otherwise compromise it.
Vulnerability Assessment - an assessment or audit of a computer system or network that aims to identify vulnerable configurations, hardware or software components before an attacker can exploit them.
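The following is an added example, not part of the original glossary, tying together the Log, Scan and Vulnerability Assessment entries: it reads firewall log lines and flags any source that touches many distinct destination ports within a short window, which is how a port scan looks from the defender's side. The log format, hosts, addresses and threshold are assumptions made for the demo; the log lines are constructed here, not captured from a real device. The slow-scanner case shows the limit of a fixed window: a source that probes one port every 30 seconds never trips a 60-second window.

```python
"""Port-scan detection over firewall log lines.  Added example with a constructed
log format and constructed sample lines; not from any real firewall."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Assumed (hypothetical) log format:
#   <iso-timestamp> <host> <ACCEPT|DROP> src=<ip> dst=<ip> proto=<name> dport=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields, or None for lines that do not match (never raise)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    fields["dport"] = int(fields["dport"])
    return fields


def window_peaks(lines: List[str], window_seconds: int = 60) -> Dict[str, int]:
    """For each source address, the largest number of distinct destination ports it
    touched within any sliding window of window_seconds (two-pointer sweep)."""
    events: Dict[str, list] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            events[ev["src"]].append((ev["ts"], ev["dport"]))
    peaks: Dict[str, int] = {}
    for src, evs in events.items():
        evs.sort()  # by timestamp, then port
        in_window: Counter = Counter()
        left = 0
        peak = 0
        for ts, port in evs:
            in_window[port] += 1
            # Drop events from the left edge until everything left is within the window.
            while (ts - evs[left][0]).total_seconds() > window_seconds:
                old_port = evs[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            peak = max(peak, len(in_window))
        peaks[src] = peak
    return peaks


def detect_scans(lines: List[str], threshold: int = 10, window_seconds: int = 60) -> Dict[str, int]:
    """Sources whose peak distinct-port count reaches the threshold (assumed: 10 ports / 60 s)."""
    return {src: n for src, n in window_peaks(lines, window_seconds).items() if n >= threshold}


def constructed_log() -> List[str]:
    """Constructed sample lines: a fast scanner, a busy benign client, a slow scanner, junk."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{ts} fw {action} src={src} dst=192.0.2.10 proto=TCP dport={port}"
    lines = []
    # Fast scanner: 11 distinct ports in 11 seconds (TEST-NET-3 address).
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080]):
        lines.append(fmt.format(ts=(base + timedelta(seconds=i)).isoformat(),
                                action="DROP", src="203.0.113.5", port=port))
    # Benign client: many connections, but only to ports 80 and 443.
    for i in range(30):
        lines.append(fmt.format(ts=(base + timedelta(seconds=i)).isoformat(),
                                action="ACCEPT", src="198.51.100.7", port=443 if i % 3 else 80))
    # Slow scanner: 12 distinct ports, one every 30 seconds, so at most 3 fall in any 60 s window.
    for i in range(12):
        lines.append(fmt.format(ts=(base + timedelta(seconds=30 * i)).isoformat(),
                                action="DROP", src="192.0.2.99", port=1000 + i))
    lines.append("May  1 10:00:05 fw kernel: link up")  # unrelated line, must be ignored
    return lines


if __name__ == "__main__":
    for src, n in detect_scans(constructed_log()).items():
        print(f"possible port scan from {src}: {n} distinct ports within 60 s")
```

A fixed window with a fixed threshold is the simplest rule and is what most firewalls and IDS products offer out of the box; the slow scanner in the sample shows why longer windows or a count of distinct ports per day are also worth tracking.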