Technical Glossary


  • Audit:  An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audits should be objective, impartial and independent.
  • Audit Criteria:  Audit criteria include policies, procedures, and requirements.
  • Audit Evidence:  Audit evidence includes paper and electronic records, oral statements, and other verifiable information that is related to the audit criteria being used.
  • Audit Findings:  Audit findings are the results of a process that evaluates audit evidence and compares it against audit criteria. Audit findings can show that audit criteria are being met (conformity) or that audit criteria are not being met (nonconformity).
  • Audit Plan:  An audit plan specifies how a particular audit will be conducted. It describes the detailed activities that will be carried out, how they will be executed and the arrangements that need to be made.
  • Backup:  refers to making copies of data so that these additional copies may be used to restore the original after a data loss event. A backup is only useful if it is kept separate from the original (so that the same incident cannot destroy both) and if restoring from it is tested.
  • Breach:  occurs when an unauthorized person gains access to private data or computer systems.
  • Broadband:  refers to high-speed Internet access available through services such as digital subscriber line (DSL), cable, fiber optic, wireless, or satellite.
  • Computer Network:  a group of interconnected computers.
  • Computer Program:  a set of instructions for a computer.
  • Computer Virus:  a computer program that copies itself into other programs or files and so infects a computer without the permission or knowledge of the owner.
  • Computer Worm:  a self-replicating computer program that spreads on its own across a network, without needing to attach itself to a host file or program as a virus does.
  • Data Encryption:  the transformation of data into a form that cannot be read without the correct key. Everyday systems that depend on cryptography include ATM cards, computer passwords, and electronic commerce.
  • Data Loss:  refers to the unforeseen loss of data or information. An occurrence of data loss can be called a Data Loss Event and there are several possible root causes.
  • Data Security:  is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy.
  • Extended Validation (EV) Certificate:  a special type of X.509 certificate which requires more extensive investigation of the requesting entity by the Certificate Authority before being issued.
  • GRC - Governance, Risk Management, and Compliance:  a term for an integrated approach that organizations can take to these three areas. The term is often positioned as a single business activity when in fact it covers multiple overlapping and related activities within an organization, e.g. internal audit, compliance programs such as SOX, enterprise risk management (ERM), operational risk, and incident management.
  • IDS - Intrusion Detection System:  software and/or hardware designed to detect unwanted attempts at accessing, manipulating, or disabling computer systems, mainly over a network such as the Internet. An IDS monitors traffic or host activity and raises alerts; it does not itself block the activity it detects.
  • Information Management:  The discipline that analyzes information as an organizational resource. It covers the definitions, uses, value and distribution of all data and information within an organization whether processed by computer or not. It evaluates the kinds of data/information an organization requires in order to function and progress effectively.
  • IPS - Intrusion Prevention System:  a network security control that, unlike a passive IDS, sits inline on the traffic path and acts automatically on what it detects: a packet or connection that matches a rule can be dropped, rejected, or blocked, with an alert raised to the administrator at the same time. Because a badly tuned IPS blocks legitimate traffic, new rules are usually run in detection-only mode before they are allowed to block.
  • ISF - Information Security Forum:  an independent, not-for-profit membership organisation for information security that publishes practical guidance and tools for its members. The ISF states that its membership includes 50% of Fortune 100 companies.
  • LAN - Local Area Network:  a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school, or an airport.
  • Malware:  software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals for a variety of hostile, intrusive, or annoying software or program code, including viruses, worms, spyware, and trojans.
  • MAN - Metropolitan Area Network:  a large computer network usually spanning a city.
  • Network Firewall:  a part of a computer system or network that filters traffic according to a configured rule set (for example by source and destination address, port, and protocol), blocking unauthorized access while permitting allowed communication. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet.
  • Network Hub/Repeater:  a device for connecting multiple twisted pair or fiber optic Ethernet devices together so that they act as a single network segment. A hub repeats every frame to every port, so any device attached to it can see all traffic on the segment.
  • Network Router:  a networking device whose functions are tailored to routing and forwarding packets between different networks based on their destination addresses. For example, on the Internet, information is directed to various locations by routers.
  • Network Switch:  a computer networking device that connects devices or network segments and forwards each frame only to the port on which its destination address was learned, unlike a hub, which repeats every frame to all ports.
  • PGP - Pretty Good Privacy:  data encryption technology implementing public-key cryptography.  It is widely used for email encryption.
  • Phishing:  a scam in which Internet fraudsters send e-mail, pop-up or other messages that impersonate a trusted party (a bank, an employer, a well-known service) to lure personal and financial information such as passwords and card numbers from unsuspecting victims.
  • Secure-erase:  a method of sanitizing storage media so that the data on it cannot be recovered. On magnetic disks this is done either by software that overwrites every sector (for example shred or dd) or by the drive firmware's ATA Secure Erase command. Software overwriting is unreliable on SSDs and other flash media, because wear levelling keeps copies of data in blocks the host cannot address; use the drive's built-in secure-erase or sanitize command there. Erasing one device does not affect backups or copies held elsewhere.
  • SOX - Sarbanes-Oxley Act:  a United States federal law enacted on July 30, 2002, as a reaction to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom.
  • Spam E-mail:  unsolicited bulk messages, usually commercial, sent by e-mail or posted on a computer network.
  • Spyware:  software that is designed to gather information, or to take partial or full control of a computer's operation, without the knowledge of its user.
  • Strong Password:  a password that is longer than 11 characters and contains a combination of uppercase and lowercase characters, numbers, and special characters. Current guidance (NIST SP 800-63B) puts more weight on length and unpredictability, such as a randomly generated passphrase, than on character-class rules, and screens candidate passwords against lists of known breached passwords.
  • VoIP - Voice over Internet Protocol:  term for a family of transmission technologies for delivery of voice communications over IP networks such as the Internet or other packet-switched networks. Other terms frequently encountered and synonymous with VoIP are IP telephony, Internet telephony, voice over broadband (VoBB), broadband telephony, and broadband phone.
  • VPN - Virtual Private Network:  computer networking technology that carries traffic through an encrypted, authenticated tunnel across a public network like the Internet, so that the two ends communicate as if they were on a private network.
  • Vulnerability scanner:  a computer program designed to map systems and search for weaknesses in an application, computer or network.
  • WAN - Wide Area Network:  a computer network that covers a broad area (i.e., any network whose communications links cross metropolitan, regional, or national boundaries).
  • WPA - Wi-Fi Protected Access:  a security protocol and certification program created by the Wi-Fi Alliance to secure wireless computer networks, introduced to replace the broken WEP; its successors are WPA2 and WPA3. (The acronym WAP normally refers to a wireless access point, not to this protocol.)
  • WEP - Wired Equivalent Privacy:  a deprecated and cryptographically broken algorithm for securing IEEE 802.11 wireless networks; weaknesses in its use of RC4 let an attacker recover the key from captured traffic, so it should not be used.
  • Wi-Fi:  is a trademark of the Wi-Fi Alliance for certified products based on the IEEE 802.11 standards. This certification warrants interoperability between different wireless devices.
  • WISP - Written Information Security Program:  a written plan that describes how a business handles sensitive personal data and enforces policy violations.  An excerpt from the Massachusetts Data Breach Law (sec. 93H) "Businesses holding personal information about Massachusetts residents must (1) develop a written plan and appoint an employee to manage it and enforce violations, (2) implement firewalls and encrypt information in transit and on portable devices, and (3) train employees on information security."
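As an added illustration of the IDS and IPS entries above (not code from the glossary's source site), the following Python script runs simple detection logic over constructed OpenSSH log lines. It raises an alert when one source address fails authentication a threshold number of times within a sliding time window, which is the IDS role, and then turns each alert into the firewall rule an inline IPS would apply on its own instead of waiting for an administrator. The log lines, the threshold of 4 failures in 60 seconds, and the year assumed for the year-less syslog timestamps are all assumptions made for the example.

```python
"""Toy intrusion detection over SSH authentication logs.
Added illustration, not code from the glossary's source. SAMPLE_LOG is
constructed in OpenSSH's syslog wording; the threshold, the window and the
year assumed for syslog timestamps are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: one source hammering admin/root, one legitimate user
# with a single mistyped password, and one successful key-based login.
SAMPLE_LOG = """\
Mar  3 10:14:01 host sshd[2131]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:14:03 host sshd[2131]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:14:05 host sshd[2133]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:14:06 host sshd[2134]: Accepted publickey for alice from 198.51.100.2 port 40022 ssh2
Mar  3 10:14:08 host sshd[2135]: Failed password for root from 203.0.113.7 port 51242 ssh2
Mar  3 10:14:09 host sshd[2136]: Failed password for bob from 198.51.100.2 port 40030 ssh2
Mar  3 10:14:10 host sshd[2137]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  3 10:20:00 host sshd[2140]: Failed password for root from 203.0.113.7 port 51300 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; assume one so the lines can be ordered."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log_text: str, threshold: int = 4, window_s: int = 60):
    """IDS role: return (ip, first_seen, last_seen, count) for every source
    that fails authentication `threshold` times within `window_s` seconds.
    One sliding window per IP; a window that has already alerted does not
    alert again for further failures inside it."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerted = {}                 # ip -> start of the window already alerted on
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # not a failed login; a real IDS routes other events elsewhere
        ts = parse_ts(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold and alerted.get(m["ip"]) != q[0]:
            alerted[m["ip"]] = q[0]
            alerts.append((m["ip"], q[0], ts, len(q)))
    return alerts


def block_commands(alerts):
    """IPS role: the inline response an IPS applies itself instead of waiting
    for an administrator. Illustrative iptables rule; a production IPS drops
    the traffic in its own data path rather than shelling out."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip, _, _, _ in alerts]


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG)
    for ip, first, last, n in found:
        print(f"ALERT {ip}: {n} failed logins between {first:%H:%M:%S} and {last:%H:%M:%S}")
    for cmd in block_commands(found):
        print("IPS would run:", cmd)
```

On the sample, 203.0.113.7 crosses the threshold at its fourth failure (10:14:08) and is reported once; its fifth failure inside the same window adds no alert, and the failure at 10:20:00 starts a fresh window. The single failure from 198.51.100.2 stays below the threshold, which is the difference between a user mistyping a password and an attack.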
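As an added example for the Strong Password entry above (not from the glossary's source site), the following Python code puts the glossary's composition rule next to a length-first policy with a breached-password deny list. The deny list is a constructed sample standing in for a real breached-password corpus, the 12-character and 60-bit thresholds are assumptions, and the entropy figure is an optimistic upper bound that treats every character as uniformly random.

```python
"""Password policy check. Added illustration, not code from the glossary's
source site. BREACHED_PASSWORDS is a constructed sample; a real deployment
would query a breached-password corpus (such as a Have I Been Pwned download)."""
import math
import string

# Constructed deny-list sample (real lists hold hundreds of millions of entries).
BREACHED_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "p@ssw0rd", "p@ssw0rd2024",
}


def meets_composition_rule(pw: str) -> bool:
    """The glossary's rule: more than 11 characters plus at least one
    uppercase letter, lowercase letter, digit and special character."""
    return (
        len(pw) > 11
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def estimated_entropy_bits(pw: str) -> float:
    """Optimistic upper bound: assumes every character was drawn uniformly
    from the union of the character classes present. Human-chosen passwords
    are far less random than this, so use the figure only as a floor check."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # the 32 printable ASCII symbols
    if any(c.isspace() for c in pw):
        pool += 1
    return len(pw) * math.log2(pool) if pool else 0.0


def evaluate(pw: str, min_len: int = 12, min_bits: float = 60.0) -> dict:
    """Length-first policy in the spirit of NIST SP 800-63B: reject anything
    on the deny list, shorter than min_len, or below min_bits; the composition
    rule is reported for comparison but not enforced. The thresholds are
    assumptions for this example, not values from the glossary."""
    reasons = []
    if pw.lower() in BREACHED_PASSWORDS:
        reasons.append("appears in breached-password list")
    if len(pw) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    bits = estimated_entropy_bits(pw)
    if bits < min_bits:
        reasons.append(f"estimated entropy {bits:.0f} bits is below {min_bits:.0f}")
    return {
        "composition_rule": meets_composition_rule(pw),
        "entropy_bits": round(bits, 1),
        "accepted": not reasons,
        "reasons": reasons,
    }


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2024", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{candidate!r}: {evaluate(candidate)}")
```

"P@ssw0rd2024" satisfies every part of the composition rule and scores well on the naive entropy estimate, yet is rejected because it is on the deny list; the long lowercase passphrase fails the composition rule but is accepted. That is the point of the caveat in the glossary entry: character-class rules neither guarantee nor are required for a password that is hard to guess.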