Information Security Glossary
Access Control
Access control determines who can view or use information resources (e.g., data, applications, systems, and networks), and in what circumstances.
Access Point
Electronic hardware that acts as a common connection point for devices in a wireless network
Account Owner
In IT, the account owner most likely refers to the individual, organization, or entity with permission to implement changes within the account.
Ad Hoc Review
A risk review conducted outside of the regular assessment schedule
Ad-Hoc Mode
A mode of wireless networking that does not use access points
Advanced Encryption Standard
The Advanced Encryption Standard (AES) is an algorithm that uses a specific encryption procedure to protect…
Advanced Encryption Standard (AES)
A 256-bit encryption standard
Anonymous Data
Anonymous data cannot be traced back to the person or entity that supplied it.
Application
Applications are software designed to perform specific assigned tasks.
Application Idle Timeout
Application Idle Timeout refers to automatic disconnection or logout…
Applied Research
Research conducted to gain the knowledge or understanding to meet a specific, recognized need.
Assessment, Authorization, and Monitoring
A family of security controls that enables an organization to periodically assess the effectiveness of its security controls
Asset
Any hardware, software, system, or data owned, leased, vended, contracted, or operated by the university that is essential to its operations
Assurance Level
The degree of confidence in the identity verification, authentication process, and security measures used to issue and manage digital certificates
Authentication
Authentication is a way of establishing that the user is who they claim to be before granting access to university systems and data.
Authentication Header Protocol (AH)
An IPsec security protocol that can provide integrity protection for packet headers and data through authentication
Authentication Information
Washington University in St. Louis uses a two-factor (or two-step) authentication service provided by Duo…
Authenticator
A system or device that verifies the identity of a user or network element
Authorization
Possessing official permission or being granted/denied approval by an authoritative source (e.g., owner, steward, automated mechanism) to perform an action or set of activities.
Availability
Availability means data are accessible when you need them.
Baseline Configuration
A documented set of specifications for an information system
Basic Research
Research undertaken primarily to acquire new knowledge without any particular application or use in mind.
Biometrics
Biometrics are unique features of individuals, for example fingerprints, that can identify a specific person.
Business Associate Agreement (BAA)
A legally binding agreement between a healthcare provider and a third-party vendor that ensures compliance with HIPAA when handling PHI
Certificate Authority (CA)
A trusted entity that issues and manages digital certificates
Certificate Chain
A sequence of certificates in which each certificate is signed by the next one in the chain, up to a trusted root Certificate Authority
Certificate Revocation List (CRL)
A list of digital certificates that have been revoked by the issuing Certificate Authority before their expiration date
Certificate Signing Request (CSR)
A request sent from an applicant to a Certificate Authority to apply for a digital certificate
Chemical Facility Anti-Terrorism Standards (CFATS)
The Department of Homeland Security has issued Chemical Facility Anti-Terrorism Standards for any facility that manufactures, uses, stores, or distributes certain chemicals above a specified quantity.
Cipher Suite
A set of algorithms that define how the cryptographic operations are performed during a secure communication session
Client Software
Software installed on devices to provide authenticated wireless network connections
Client VPN
Offers encrypted network communication through locally installed VPN client software
Cloud
Cloud computing uses the internet to deliver computing services such as storage in servers, the provision of software, and conducting analytics.
Compliance
Compliance in cyber security means meeting certain standards and abiding by regulations…
Confidential Data
Confidential information is not subject to legal regulation, but it is not freely available, and its creation, storage, and transmission are restricted.
Confidentiality, Integrity, and Availability (CIA)
The three core principles of information security
Containerization
Containerization is the idea of containing code and all the necessary frameworks for a program/software into one unit…
Contingency Planning
A strategy involving plans, procedures, and technical measures that enable the recovery of information systems
Control Zone
A control zone is a categorical designation applied to infrastructure…
Controlled Unclassified Information (CUI)
Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess…
Critical Information Resources
Critical Information Resources include the information technology hardware, software, networks, and services for which the loss, unavailability, or corruption would have a severe impact on the university.
Cryptography
Cryptography is the use of encryption, through ciphers, to protect sensitive or confidential data…
Cyber Threat
A cyber threat is any act or event that could be harmful to an individual, organization, or even a country through…
Cybersecurity Framework
A cybersecurity framework is a set of best practices adopted by an organization to better understand, manage, and reduce cybersecurity risk.
Data Breach
A data breach happens when an unauthorized person or organization acquires, accesses, or uses confidential information.
Data Classification
The organized categorization of data based on potential harm from unauthorized access, alteration, or destruction.
Data Disposal
Data disposal is the process of removing, “sanitizing,” or deleting stored information.
Data in Transit
Data that is being transferred between locations over a private network or the Internet
Data Integrity
Ensuring the accuracy and reliability of data throughout its lifecycle
Data Loss Prevention (DLP)
Data Loss Prevention (DLP) refers to strategies to ensure sensitive and Protected Data are not exposed, lost, used inappropriately, or accessed without authorization…
Data Management Plan
A data management plan (DMP) is a document that specifies the following…
Deep Web/Dark Web
The Deep Web refers to the parts of the internet, or the World Wide Web, that do not come up in a standard search engine search