Information Security Glossary

Access Control

Access control determines who can view or use information resources (e.g., data, applications, systems, and networks), and in what circumstances.

Account Owner

In IT, the account owner most likely refers to the individual, organization, or entity with permission to implement changes within the account.

Advanced Encryption Standard

The Advanced Encryption Standard (AES) is an algorithm that uses a specific encryption procedure to protect…

Anonymous Data

Anonymous data cannot be traced back to the person or entity that supplied it.

Application

Applications are software designed to perform specific assigned tasks.

Applied Research

Research conducted to gain the knowledge or understanding to meet a specific, recognized need.

Authentication

Authentication is a way of establishing that the user is who they claim to be before granting access to university systems and data.

Authentication Information

Washington University in St. Louis uses a two-factor (or two-step) authentication service provided by Duo…

Authorization

Possessing official permission or being granted/denied approval by an authoritative source (e.g., owner, steward, automated mechanism) to perform an action or set of activities.

Availability

Availability means data are accessible when you need them.

Basic Research

Research undertaken primarily to acquire new knowledge without any particular application or use in mind.

Biometrics

Biometrics are unique features of individuals, for example, fingerprints, that can identify a specific person.

Certificate

A digital certificate is a digitally signed document with a unique signature, which definitively establishes the identity of an online entity to ensure the legitimacy of a software or website.

Chemical Facility Anti-Terrorism Standards (CFATS)

The Department of Homeland Security has issued Chemical Facility Anti-Terrorism Standards for any facility that manufactures, uses, stores, or distributes certain chemicals above a specified quantity.

Cloud

Cloud computing uses the internet to deliver computing services such as storage in servers, the provision of software, and conducting analytics.

Compliance

Compliance in cyber security means meeting certain standards and abiding by regulations…

Confidential Data

Confidential information is not subject to legal regulation, but it is not freely available to create, store, and transmit.

Confidentiality

Confidentiality refers to protecting information from unauthorized access.

Containerization

Containerization is the idea of containing code and all the necessary frameworks for a program/software into one unit…

Control Zone

A control zone is a categorical designation applied to infrastructure . . .

Controlled Unclassified Information (CUI)

Controlled Unclassified Information (CUI) is a category of unclassified data that federal agencies create or possess…

Critical Information Resources

Critical Information Resources include the information technology hardware, software, networks, and services for which the loss, unavailability, or corruption would have a severe impact on the university.

Cryptography

Cryptography is the use of encryption, through ciphers, to protect sensitive or confidential data…

Cyber Threat

A cyber threat is any act or event that could be harmful to an individual, organization, or even a country through…

Cybersecurity Framework

A cybersecurity framework is a set of best practices adopted by an organization to better understand, manage, and reduce cybersecurity risk.

Data Breach

A data breach happens when an unauthorized person or organization acquires, accesses, or uses confidential information.

Data Classification

The organized categorization of data based on potential harm from unauthorized access, alteration, or destruction.

Data Disposal

Data disposal is the process of removing, “sanitizing,” or deleting stored information.

Data Management Plan

A data management plan (DMP) is a document that specifies the following….

Deep Web/Dark Web

The Deep Web refers to parts of the internet, or the World Wide Web (www.), that do not come up in a standard search engine search.

Deidentified Data

Deidentified data has had all individual identifiers removed.

Development Research

The systematic use of the knowledge or understanding gained from research directed toward the production of useful materials, devices, systems or methods . . .

Digital Signature

A digital signature is a type of electronic signature built with mathematical algorithms.

Domain-Specific Repository

Domain-specific repositories store data so that it may be accessed by researchers, institutions, and publishers for a specific domain.

Elevated Permissions

Elevated permissions are privileges or rights that exceed the normal levels of access granted to an individual or group of users.

Encryption

Encryption is the process of making information unreadable to all unauthorized users.

Encryption Key

Encryption keys are used for encrypting or decrypting data.

EU General Data Protection Regulation (GDPR)

The European Union’s General Data Protection Regulation (GDPR) is a privacy and security law that applies to any organization that collects or uses data from EU residents.

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act protects student information and gives individual students certain rights pertaining to their education records.

Federal Information Security Modernization Act (FISMA)

Under the Federal Information Security Modernization Act (FISMA), federal agencies and those providing services on their behalf must develop, document, and implement security programs for information technology systems.

Food and Drug Administration Code of Federal Regulations, Title 21, Part 11 (FDA 21 CFR Part 11)

The regulations in FDA 21 CFR Part 11 set necessary criteria for electronic records and signatures to be considered reliable, trustworthy, and equivalent to paper versions.

Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act requires financial institutions (i.e., organizations offering consumers financial products, advice, or insurance) to protect their customers' personal information.

Hardware

Hardware refers to physical devices that connect to and interact with the WashU network.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act specifies requirements for the privacy and security of all individually identifiable patient health information in any form or media, whether electronic, paper, or oral.

HIPAA Identifiers

HIPAA identifiers are 18 points of information that can be used to identify an individual or combined with other information to identify an individual.

Identify (CSF)

“Identify” is one of the five core functions of the NIST Cybersecurity Framework (CSF) . . .

Identity Proofing

Identity proofing is the process of providing sufficient information . . .

Incident

Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in the quality of that service. (ITIL perspective)

Information Resources

Information and related resources, such as equipment and information technology. . .

Information Security

Information security is a combination of practices that protect information resources from unauthorized access, use, and modification.

Institutional Review Board

An institutional review board’s role is to ensure that research involving human subjects is done ethically and meets federal requirements and regulations.

Integrity

Integrity means data are trustworthy, complete, and have not been accidentally altered or modified by an unauthorized user.

Least Functionality

The principle of Least Functionality states that systems should only perform the necessary actions for which they are specifically designed…

Least Privilege

Least Privilege is the idea of only giving users the necessary access to complete their assigned actions.

Lessons Learned

Analyzing what went wrong, what went well, and what changes should be made going forward.

Lock Screen

A lock screen is an interface on a computer that appears upon startup and prevents access . . .

Malicious Computer Activity

Malicious computer activity seeks to compromise or impair the Confidentiality, Integrity, or Availability of information resources (e.g., systems, networks, and data).

Missouri Personally Identifiable Information (PII)

Missouri PII refers to personally identifiable information (PII) as defined by the state of Missouri.

Monitoring Data

Monitoring Data are generated by security tools during routine processes . . .

National Institute of Standards and Technology (NIST)

In cybersecurity, NIST is extremely well known for the NIST Cybersecurity Framework, as well as the NIST Risk Management Framework (RMF), NIST SP 800-53 control guidance, the NIST Digital Identity Guidelines, and others.