Glossary Flashcards

1
Q

Abstract

A

Limit the amount of detail in which personal information is processed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Access Control Entry

A

An element in anaccess control list(ACL). Each ACE controls, monitors, or records access to an object by a specified user. - Acronym(s): ACE - Associated term(s):Access Control List(ACL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Access Control List

A

A list ofaccess control entries(ACE) that apply to an object. Each ACE controls or monitors access to an object by a specified user. In adiscretionary access controllist (DACL), the ACL controls access; in a system access control list (SACL) the ACL monitors access in a security event log which can comprise part of an audit trail. - Acronym(s): ACL - Associated term(s):Access Control Entry(ACE)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Accountability

A

The implementation of appropriate technical and organisational measures to ensure and be able to demonstrate that the handling of personal data is performed in accordance with relevant law, an idea codified in the EU General Data Protection Regulation and other frameworks, including APEC’s Cross Border Privacy Rules. Traditionally, accountability has been a fair information practices principle, that due diligence and reasonable steps will be undertaken to ensure that personal information will be protected and handled consistently with relevant law and other fair use principles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Active Data Collection

A

When an end user deliberately provides information, typically through the use of web forms, text boxes, check boxes or radio buttons. - Associated term(s) - Passive Data Collection,First-party Collection,Surveillance Collection,Repurposing,Third-party Collection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

AdChoices

A

A program run by theDigital Advertising Allianceto promote awareness and choice in advertising for internet users. Websites with ads from participating DAA members will have an AdChoices icon near advertisements or at the bottom of their pages. By clicking on the Adchoices icon, users may set preferences for behavioral advertising on that website or with DAA members generally across the web. - Associated term(s) - Digital Advertising Alliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Adequate Level of Protection

A

A transfer of personal data from the European Union to a third country or an international organisation may take place where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question, ensures an adequate level of protection by taking into account the following elements - (a) the rule of law, respect for human rights and fundamental freedoms, both general and sectoral legislation, data protection rules, professional rules and security measures, effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data is being transferred - (b) the existence and effective functioning of independent supervisory authorities with responsibility for ensuring and enforcing compliance with the data protection rules - (c) the international commitments the third country or international organisation concerned has entered into in relation to the protection of personal data. - Associated term(s) - Adequacy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Advanced Encryption Standard

A

Anencryptionalgorithm for security sensitive non-classified material by the U.S. Government. This algorithm was selected in 2001 to replace the previous algorithm, the Data Encryption Standard (DES), by theNational Institute of Standards and Technology (NIST), a unit of the U.S. Commerce Department, through an open competition. The winning algorithm (RijnDael, pronounced rain-dahl), was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. - Acronym(s) - AES - Associated term(s) - Authentication,Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Adverse Action

A

Under theFair Credit Reporting Act, the term “adverse action” is defined very broadly to include all business, credit and employment actions affecting consumers that can be considered to have a negative impact, such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer. Such an action requires that the decision maker furnish the recipient of the adverse action with a copy of the credit report leading to the adverse action. - Associated law(s) - FCRA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Agile Development Model

A

A process of software system and product design that incorporates new system requirements during the actual creation of the system, as opposed to thePlan-Driven Development Model. Agile development takes a given project and focuses on specific portions to develop one at a time. An example of Agile development is the Scrum Model. - Associated term(s) - Plan-Driven Development Model,User Stories,SRS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Algorithms

A

Mathematical applications applied to a block of data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Anonymization

A

The process in which individually identifiable data is altered in such a way that it no longer can be related back to a given individual. Among many techniques, there are three primary ways that data is anonymized. Suppression is the most basic version of anonymization and it simply removes some identifying values from data to reduce its identifiability. Generalization takes specific identifying values and makes them broader, such as changing a specific age (18) to an age range (18-24). Noise addition takes identifying values from a given data set and switches them with identifying values from another individual in that data set. Note that all of these processes will not guarantee that data is no longer identifiable and have to be performed in such a way that does not harm the usability of the data. - Associated law(s) - Anonymous Data,De-Identification,Mircodata Sets,Re-identification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Anonymous Information

A

In contrast to personal data, anonymous information or data is not related to an identified or an identifiable natural person and cannot be combined with other information to re-identify individuals. It has been rendered unidentifiable and, as such, is not protected by the GDPR. - Associated term(s) - Pseudonymous Data,De-Identification,Re-Identification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Anthropomorphism

A

Attributing human characteristics or behaviors to non-human objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Anti-discrimination Laws

A

Anti-discrimination laws are indications of special classes of personal data. If there exists law protecting against discrimination based on a class or status, it is likely personal information relating to that class or status is subject to more stringent data protection regulation, under the GDPR or otherwise.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Application or field encryption

A

Ability to encrypt specific fields of data - specifically sensitive data such as credit cards numbers or health-related information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Application-Layer Attacks

A

Attacks that exploit flaws in the network applications installed on network servers. Such weaknesses exist in web browsers, e-mail server software, network routing software and other standard enterprise applications. Regularly applying patches and updates to applications may help prevent such attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Appropriation

A

Using someone’s identity for another person’s purposes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Asymmetric Encryption

A

A form of dataencryptionthat uses two separate but relatedkeysto encrypt data. The system uses apublic key, made available to other parties, and a private key, which is kept by the first party. Decryption of data encrypted by the public key requires the use of the private key - decryption of the data encrypted by the private key requires the public key. - Associated term(s) - Symmetric Encryption,Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Attribute-Based Access Control

A

Anauthorizationmodel that provides dynamic access control by assigning attributes to the users, the data, and the context in which the user requests access (also referred to as environmental factors) and analyzes these attributes together to determine access. - Acronym(s) - ABAC - Associated term(s) - User-based Access Control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Audit Trail

A

A chain of electronic activity or sequence of paperwork used to monitor, track, record, or validate an activity. The term originates in accounting as a reference to the chain of paperwork used to validate or invalidate accounting entries. It has since been adapted for more general use in e-commerce, to track customer’s activity, or cyber-security, to investigate cybercrimes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Authentication

A

The process by which an entity (such as a person or computer system) determines whether another entity is who it claims to be. - Associated term(s) - Authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Authorization

A

In the context ofinformation security, it is process of determining if the end user is permitted to have access to the desired resource such as the information asset or the information system containing the asset. Authorization criteria may be based upon a variety of factors such as organizational role, level of security clearance, applicable law or a combination of factors. When effective, authentication validates that the entity requesting access is who or what it claims to be. - Associated term(s) - Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Automated decision making

A

The process of making a decision without human involvement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Basel III

A

A comprehensive set of reform measures, developed by the Basel Committee on Banking Supervision, to strengthen the regulation, supervision and risk management of the banking sector.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Behavioral Advertising

A

Advertising that is targeted at individuals based on the observation of their behaviour over time. Most often done via automated processing of personal data, or profiling, the General Data Protection Regulation requires that data subjects be able to opt-out of any automated processing, to be informed of the logic involved in any automatic personal data processing and, at least when based on profiling, be informed of the consequences of such processing. If cookies are used to store or access information for the purposes of behavioral advertising, the ePrivacy Directive requires that data subjects provide consent for the placement of such cookies, after having been provided with clear and comprehensive information. - Acronym(s) - OBA - Associated term(s) - Online Behavioral Advertising, Behavioral Targeting,Contextual Advertising,Demographic Advertising,Premium Advertising,Psychographic Advertising,Remnant Advertising

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Big Data

A

A term used to describe the large data sets which exponential growth in the amount and availability of data have allowed organizations to collect. Big data has been articulated as “the three V’s - volume (the amount of data), velocity (the speed at which data may now be collected and analyzed), and variety (the format, structured or unstructured, and type of data, e.g. transactional or behavioral). - Associated term(s) - Metadata

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Biometrics

A

Data concerning the intrinsic physical or behavioral characteristics of an individual. Examples include DNA, fingerprints, retina and iris patterns, voice, face, handwriting, keystroke technique and gait. The General Data Protection Regulation, in Article 9, lists biometric data for the purpose of uniquely identifying a natural person as a special category of data for which processing is not allowed other than in specific circumstances. - Associated term(s) - Personal Information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Blackmail

A

The threat to disclose an individual’s information against his or her will.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Breach Disclosure

A

The requirement that an organization notify regulators and/or victims of incidents affecting the confidentiality and security of personal data. The requirements in this arena vary wildly by jurisdiction. It is a transparency mechanism that highlights operational failures, which helps mitigate damage and aids in the understanding of causes of failure. - Associated law(s) - FCRA,GLBA,HIPAA, various U.S. state laws - Associated term(s) - Breach notification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Breach of confidentiality

A

Revealing an individual’s personal information, despite a promise not to do so.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Bring Your Own Device

A

Use of employees’ own personal computing devices for work purposes. - Acronym(s) - BYOD - Associated term(s) - Consumerization of information technology (COIT)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Browser Fingerprinting

A

As technology has advanced, it has become easier to differentiate between users just based on the given instance of the browser they are using. Each browser keeps some information about the elements it encounters on a given webpage. For instance, a browser will keep information on a text font so that the next time that font is encountered on a webpage, the information can be reproduced more easily. Because each of these saved elements have been accessed at different times and in different orders, each instance of a browser is to some extent unique. Tracking users using this kind of technology continues to become more prevalent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Caching

A

The saving of local copies of downloaded content, reducing the need to repeatedly download content. To protect privacy, pages that displaypersonal informationshould be set to prohibit caching.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

California Online Privacy Protection Act

A

Requires that all websites catering to California citizens provide a privacy statement to visitors and a easy-to-find link to it on their web pages. Websites that carrypersonal dataon children less than 18 years of age must permit those children to delete data collected about them. Websites also must inform visitors of the type ofDo Not Trackmechanisms they support or if they do not support any at all. - Link to text of law - California Online Privacy Protection Act - Acronym(s) - CalOPPA - Associated term(s) - Do Not Track

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

CCTV

A

Originally an acronym for “closed circuit television,” CCTV has come to be shorthand for any video surveillance system. Originally, such systems relied on coaxial cable and was truly only accessible on premise. Today, most surveillance systems are hosted via TCP/IP networks and can be accessed remotely, and the footage much more easily shared, eliciting new and different privacy concerns. - Associated term(s) - Video Surveillance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Chat bots

A

Computerized intelligence that simulates human interactions and may be used to handle basic customer requests and interactions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Children’s Online Privacy Protection Act (COPPA) of 1998

A

A U.S. federal law that applies to the operators of commercial websites and online services that are directed to children under the age of 13. It also applies to general audience websites and online services that have actual knowledge that they are collecting personal information from children under the age of 13. COPPA requires these website operators - to post aprivacy noticeon the homepage of the website - provide notice about collection practices to parents - obtain verifiable parentalconsentbefore collecting personal information from children - give parents a choice as to whether their child’spersonal informationwill be disclosed to third parties - provide parents access and the opportunity to delete the child’s personal information andopt outof future collection or use of the information, and maintain theconfidentiality, security and integrity of personal information collected from children. - Acronym(s) - COPPA - Link to text of law - 15 U.S.C. §§ 6501-6508

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Choice

A

In the context of consent, choice refers to the idea that consent must be freely given and that data subjects must have a genuine choice as to whether to provide personal data or not. If there is no true choice it is unlikely the consent will be deemed valid under the General Data Protection Regulation. - Associated term(s) - Consent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

Ciphertext

A

Encrypted(enciphered) data. - Associated term(s) - NIST SP 800-21

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Cloud Computing

A

The provision of information technology services over the Internet. These services may be provided by a company for its internal users in a “private cloud” or by third-party suppliers. The services can include software, infrastructure (i.e., servers), hosting and platforms (i.e., operating systems). Cloud computing has numerous applications, from personal webmail to corporate data storage, and can be subdivided into different types of service models.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Code audits

A

Provide analysis of source code that detect defects, security breaches or violations within a technology ecosystem.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Code reviews

A

Generally in-person meeting organized by developers who authored the code. The review may consist of a reader, moderator and privacy specialist.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Collection Limitation

A

Afair information practicesprinciple, it is the principle stating there should be limits to the collection ofpersonal data, that any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge orconsentof the data subject.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

Communications Privacy

A

One of the four classes of privacy, along with information privacy, bodily privacy and territorial privacy. It encompasses protection of the means of correspondence, including postal mail, telephone conversations, electronic e-mail and other forms of communicative behavior and apparatus.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Completeness Arguments

A

Used as a means of assuring compliance with privacy rules and policies in the design of new software systems. Completeness arguments take privacy rules and compare them to the system requirements that have been used to design a new software system. By pairing privacy rules with specific system requirements, necessary technical safeguards can be accounted for, preventing the software from being designed in such a way that would violate privacy policies and regulations. - Associated term(s) - SRS,User Stories,Plan-driven Development Model,Agile Development Model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Computer Forensics

A

The discipline of assessing and examining an information system for relevant clues even after it has been compromised by an exploit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Concept of Operations

A

Used inPlan-driven Development Models, a Concept of Operations is a detailed outline of how a software product or system will work once it is fully operational. This is used to shape how a product or system will be designed and implemented. - Acronym - CONOPS - Associated term(s) - Plan-driven Development Model,SRS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

Confidentiality

A

Data is “confidential” if it is protected against unauthorised or unlawful processing. The General Data Protection Regulation requires that an organization be able to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services as part of its requirements for appropriate security. In addition, the GDPR requires that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Consent

A

This privacy requirement is one of the fair information practices. Individuals must be able to prevent the collection of their personal data, unless the disclosure is required by law. If an individual has choice about the use or disclosure of his or her information, consent is the individual’s way of giving permission for the use or disclosure. Consent may be affirmative - i.e., opt-in - or implied - i.e., the individual didn’t opt out. - (1) Affirmative/Explicit Consent - A requirement that an individual “signifies” his or her agreement with a data controller by some active communication between the parties. - (2) Implicit Consent - Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Content Delivery Network

A

The servers that contain most or all of the visible elements of a web page and that are contacted to provide those elements. In the realm of advertising, a general ad server is contacted after a webpage is requested, that ad server looks up any known information on the user requesting to access the webpage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Context aware computing

A

When a technological device adapts itself to the environment. This includes characteristics as location, video, audio, brightness.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Context of authority

A

Control over the access to resources on a network is based on the context in which the employee is connected to the network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Contextual Advertising

A

The most used form of targeted advertising on the internet. The content of the ad relies on the content of the webpage or the query entered by a user. - Associated term(s) - Behavioral Advertising,Demographic Advertising,Premium Advertising,Psychographic Advertising,Remnant Advertising.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

Contextual Integrity

A

A concept developed by Helen Nissenbaum, contextual integrity is a way to think about and quantify potentialprivacy risksin software systems and products. Contextual Integrity focuses on what consumer expectations are in a given situation and how the product or system differs from that expectation. The more a product or system deviates from those expectations, the more likely a consumer will perceive a privacy harm. - Associated term(s) - Privacy Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Cookie

A

A small text file stored on a client machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session. Cookies can also be used to prevent users from having to be authorized for every password protected page they access during a session by recording that they have successfully supplied their username and password already. Cookies may be referred to as “first-party” (if they are placed by the website that is visited) or “third-party” (if they are placed by a party other than the visited website). Additionally, they may be referred to as “session cookies” if they are deleted when a session ends, or “persistent cookies” if they remain longer. Notably, the General Data Protection Regulation lists this latter category, so-called “cookie identifiers,” as an example of personal information. The use of cookies is regulated both by the GDPR and the ePrivacy Directive (seeCookie Directive). - Associated term(s) - First-Party Cookie,Persistent Cookie,Third-Party Cookie, Tracking Cookie, Web Cookie

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

Coupling

A

The interdependence between objects within a technology ecosystem and controls the flow of information within a design. Tightening the coupling, allows objects to depend on the inner working of other objects. Loosening the coupling reduces object’s dependency on other objects. Loosening isolates information processing to a select group of approved classes and reduces the chance of unintentionally re-purposing data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

Cross-site Scripting

A

Code injected by malicious web users into web pages viewed by other users. - Acronym(s) - XSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

Cryptography

A

The science or practice of hiding information, usually through its transformation. Common cryptographic functions include - encryption, decryption,digital signatureandnon-repudiation. - Associated term(s) - Digital signature,encryption,non-repudiation,PKI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

Cryptosystem

A

The materials necessary toencryptand decrypt a given message, usually consisting of the encryption algorithm and the security key. - Associated term(s) - Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

Customer Access

A

A customer’s ability to access thepersonal informationcollected on them as well as review, correct or delete any incorrect information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

Customer Data Integration

A

The consolidation and managing ofcustomer informationin all forms and from all sources allowable. CDI is a vital component of customer relationship management. - Acronyms - CDI - Associated term(s) - Customer Relationship Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

Customer Information

A

In contrast toemployee information, customer information includes data relating to the clients of private-sector organizations, patients within the healthcare sector and the general public within the context of public-sector agencies that provide services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

Cyberbullying

A

Exposing a person’s private details or re-characterizing the person beyond the person’s control via technology.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

Dark patterns

A

Recurring solutions that are used to manipulate individuals into giving up personal information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

Data Aggregation

A

Taking Individual data sets and combining them to statistically analyze data trends while protecting individual privacy by using groups of individuals with similar characteristics rather than isolating one individual at a time. To effectively aggregate data so that it cannot be re-identified (or at least make it difficult to do so) the data set should - (1) have a large population of individuals, (2) Categorized to create broad sets of individuals, and - (3) not include data that would be unique to a single individual in a data set. - Associated term(s) - De-identification,Re-identification,Pseudonymous Data,Anonymous Information,Identifiability,Identifiers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

Data Breach

A

The unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector. Breaches do not include good faith acquisitions of personal information by an employee or agent of the data collector for a legitimate purpose of the data collector—provided the personal information is not used for a purpose unrelated to the data collector’s business or subject to further unauthorized disclosure. - Associated term(s) - Breach,Privacy Breach (Canadian)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

Data Centers

A

Facilities that store, manage and disseminate data and house a network’s most critical systems. Data centers can serve either as a centralized facility for a single organization’s data management functions or as a third-party provider for organization’s data management needs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

Data Controller

A

The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by EU or member state law, the controller or the specific criteria for its nomination may be provided for by EU or member state law. - Associated term(s) - Data Processor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

Data Elements

A

A unit of data that cannot be broken down further or has a distinct meaning. This may be a date of birth, a numerical identifier, or location coordinates. In the context of data protection, it is important to understand that data elements in isolation may not be personal data but, when combined, become personally identifiable and therefore personal data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

Data Flow Diagrams

A

A graphical representation of the flow of data in an information system thus allowing the visualization of how the system operates to accomplish its purpose. DFDs are used both by systems analysts to design information systems and by management to model the flow of data within organizations. - Acronym(s) - DFD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

Data Loss Prevention

A

Term used to describe both the strategy for ensuring end users do not disseminate sensitive information, whether intentionally or unintentionally, to outside ineligible sources and the software products that aid network administrators in controlling what data end users can transfer. - Acronym - DLP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

Data Masking

A

The process ofde-identifying,anonymizing, or otherwise obscuring data so that the structure remains the same but the content is no longer sensitive in order to generate a data set that is useful for training or software testing purposes. - Associated term(s) - Obfuscation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

Data Matching

A

An activity that involves comparingpersonal dataobtained from a variety of sources, includingpersonal informationbanks, for the purpose of making decisions about the individuals to whom the data pertains.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

Data Minimization Principle

A

The idea that one should only collect and retain that personal data which is necessary. - Link to text of law - Directive 95/46/EC - Link to text of law - Regulation EC (No) 45/2001

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

Data Processing

A

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. - Associated term(s) - Data Processor, Processing, Processor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

Data Processor

A

A natural or legal person (other than an employee of the controller), public authority, agency or other body which processes personal data on behalf of the controller. An organization can be both a controller and a processor at the same time, depending on the function the organization is performing. - Associated term(s) - Data Controller, Processor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

Data Protection Authority

A

Independent public authorities that supervise the application of data protection laws in the EU. DPAs provide advice on data protection issues and field complaints from individuals alleging violations of the General Data Protection Regulation. Each EU member state has its own DPA. Under GDPR, DPAs have extensive enforcement powers, including the ability to impose fines that total 4% of a company’s global annual revenue. - Acronym(s) - DPA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

Data Quality

A

A fair information practices principle, it is the principle that personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date. The quality of data is judged by four criteria - Does it meet the business needs? - Is it accurate? - Is it complete?, and is it recent? Data is of an appropriate quality if these criteria are satisfied for a particular application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

Data Recipient

A

A natural or legal person, public authority, agency or another body, to which personal data is disclosed, whether a third party or not. Public authorities that receive personal data in the framework of a particular inquiry in accordance with EU or member state law shall not be regarded as recipients, however. The processing of that data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

Data schema

A

Used to separate customer information. Data schema formulates all the constraints to be applied on the data, defines its entities and relationships among them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

Data Subject

A

An identified or identifiable natural person.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

Declared Data

A

Personal informationthat is directly given to a social network or other website by a user. - Associated term(s) - Consent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

Deep learning

A

A subset of artificial intelligence and machine learning. It learns by performing a tasks repeatedly and adding layers of data to improve the outcome.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

Demographic Advertising

A

Web advertising based on information about an individual such as age, height, weight, geographic location or gender. - Associated term(s) - Behavioral Advertising,Contextual Advertising,Premium Advertising,Psychographic Advertising,Remnant Advertising.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

Design patterns

A

Describes shared solutions to recurring problems. Design patterns serve to improve program code maintenance by providing developers with a common mental module when approaching a recurring problem.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

Design Thinking Process

A

Used in combination withvalue-sensitive design. The design thinking process has five phases - empathize, define, ideate, prototype and test.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

Differential identifiability

A

Setting parameters that limits the confidence that any particular individual has contributed to an aggregated value.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

Digital Advertising Alliance

A

A non-profit organization that sets standards for consumer privacy, transparency and control in online advertising. Over 100 advertising companies participate in and comply with their standards. The DAA has an agreement with both theCouncil on Better Business Bureausand theDirect Marketing Associationto enforce the self-regulatory standards set down by theDigital Advertising AllianceincludingAdChoices, a programming offering user control overbehavioral advertising. - Acronym - DAA - Associated term(s) - AdChoices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

Digital Fingerprinting

A

The use oflog filesto identify a website visitor. It is often used for security and system maintenance purposes. Log files generally include - the IP address of the visitor - a time stamp - theURLof the requested page or file - a referrer URL, and the visitor’s web browser, operating system and font preferences. In some cases, combining this information can be used to “fingerprint” a device. This more detailed information varies enough among computing devices that two devices are unlikely to be the same. It is used as a security technique by financial institutions and others initiating additional security assurances before allowing users to log on from a new device. Some privacy enforcement agencies - however, have questioned what would constitute sufficient notice and consent for digital fingerprinting techniques to be used for targeted advertising. - Associated term(s) - Biometric Data,Authentication,Authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

Digital Rights Management

A

The management of access to and use of digital content and devices after sale. DRM is often associated with the set of access control (denial) technologies. These technologies are utilized under the premise of defending copyrights and intellectual property but are considered controversial because they may often restrict users from utilizing digital content or devices in a manner allowable by law. - Acronym(s) - DRM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

Digital Signature

A

A means for ensuring the authenticity of an electronic document, such as an e-mail, text file, spreadsheet or image file. If anything is changed in the electronic document after the digital signature is attached, the signature is rendered invalid. - Associated term(s) - Authentication,Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

Directive on Privacy and Electronic Communications Act 2002/58EC

A

A continuation of policy directives for theEuropean UnionMember States as set forth in theData Protection Directive. It has been amended by theCookie Directive 2009/136EC, which added a requirement that all websites using tracking cookies obtain user consent unless the cookie is “strictly necessary for the delivery of a service requested by the use.” This policy recognizes the importance of cookies for the functioning of modern websites while still making users aware of any tracking the user may not want to participate in. - Link to text of law - Directive on Privacy and Electronic Communications Act 2002/58EC - Acronyms - ePrivacy Directive, Cookie Directive - Associated term(s) - Data Protection Directive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

Disassociability

A

Minimization of connections between data and individuals to the extent compatible with system operational requirements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

Discretionary Access Control

A

A type of access control that allows an owner of an object, within a given computer-based information system, to grant or deny access. - Acronym(s) - DAC - Associated term(s) - Mandatory Access Control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

Distortion

A

Spreading false and inaccurate information about an individual.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

DMZ (Demilitarized Zone) Network

A

A firewall configuration for securinglocal area networks(LANs). In a DMZ configuration, there are a set of computers that act as a broker for traffic between the LAN and an outside network allowing the majority of computers to run safely behind a firewall. Thus these computers act as a broker similar to a joint security area in a political demilitarized zone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

Do Not Track

A

A proposed regulatory policy, similar to the existingDo-Not-Call Registryin the United States, which would allow consumers toopt outof web-usage tracking. - Acronym(s) - DNT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

E-Commerce Websites

A

Websites with online ordering capabilities have special privacy advantages and risks. Unlike other web advertisers, E-Commerce websites have direct access to information regarding user purchases and payment information. While creating a great opportunity for targeted advertising, it also puts extra onus on these websites to protect user information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

Electronic Communications Data

A

Consists of three main categories of personal data, as defined in the European Union under the ePrivacy Directive - the content of a communication, traffic data, and location data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

Electronic Communications Network

A

Transmission systems, and, where applicable, switching or routing equipment and other resources that permit the conveyance of signals by wire, radio, optical or other electromagnetic means, including satellite networks - fixed and mobile terrestrial networks - electricity cable systems, to the extent that they are used for the purpose of transmitting signals - networks used for radio and television broadcasting, and cable television networks, irrespective of the type of information conveyed. In the discussions surrounding the update of the ePrivacy Directive to the ePrivacy Regulation, so-called “over the top” providers, like app-based messaging services, are beginning to be considered as part of the electronic communications network. - Acronym(s) - ECN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

Electronic Communications Service

A

Any service which provides to users thereof the ability to send or receive wire or electronic communications. - Acronym(s) - ECS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

Electronic Surveillance

A

Monitoring through electronic means - i.e., video surveillance, intercepting communications, stored communications or location based services. - Associated law(s) - Electronic Communications Privacy Act,Stored Communications Act, Wiretap Act

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
104
Q

Encryption

A

The process of obscuring information, often through the use of a cryptographic scheme in order to make the information unreadable without special knowledge - i.e., the use of code keys. Encryption is mentioned in the General Data Protection Regulation as a potential way to mitigate risk, and certain breach notification requirements may be mitigated by the use of encryption as it reduces the risks to the rights and freedoms of data subjects should data be improperly disclosed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

Encryption Key

A

Acryptographicalgorithm applied to unencrypted text to disguise its value or used to decrypt encrypted text.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
106
Q

End-User License Agreement

A

A contract between the owner of the software application and the user. The user agrees to pay for the use of the software and promises to comply with certain restrictions on that use. - Acronym(s) - EULA - Associated term(s) - Terms of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
107
Q

Enterprise Architecture

A

A conceptual outline, blueprint, or diagram that defines the structure and the operation of an organization, normally in the context of developing a strategy for the realization of current and future goals or objectives. - Acronym(s) - EA - Associated term(s) - IT Architecture

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
108
Q

EU Data Protection Directive

A

The EU Data Protection Directive (95/46/EC) was replaced by the General Data Protection Regulation in 2018. The Directive was adopted in 1995, became effective in 1998 and was the first EU-wide legislation that protected individuals’ privacy and personal data use. - Associated term(s) - Data Protection Directive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

Exclusion

A

Denies an individual knowledge of and/or participation in what is being done with their information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
110
Q

Exposure

A

The revelation of information that we normally conceal from most others, including private physical details about our bodies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
111
Q

Extensible Markup Language

A

A markup language that facilitates the transport, creation, retrieval and storage of documents. Similar toHTML,XMLuses tags to describe the contents of a web page or file. XML describes content of a web page in terms of the data that is being produced, potentially creating automaticprocessing of datain ways that may require attention for privacy issues, unlike HTML, which describes the content of a web page in terms of how it should be displayed. - Acronym(s) - XML

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
112
Q

Extranet

A

A network system formed through the connection of two or more corporate intranets. These external networks create inherent security risks, while often also meeting important organizational goals. An extranet opens a backdoor into the internal network and provides a third party with a level of trust. While these risks cannot be eliminated, they can be assessed, managed and mitigated. The foundation of this management is a thorough and detailed e-business contract that specifies who may access data, what data will be accessed and what security controls the partner has in place. It should also detail how shared devices will be managed, procedures for cooperating with technical staff in the event of problems and escalation procedures for resolving difficult technical problems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
113
Q

Factors Analysis in Information Risk (FAIR) model

A

FAIR constructs a framework that breaks risk into the frequency of action and magnitude of the violations.

114
Q

Federated identity

A

A model in which a person’s identity is authenticated in a trusted centralized service.

115
Q

Financial Instruments and Exchange Law of Japan

A

Japanese legislation aimed at the financial services sector that established cross-sectional legislative framework for investor protections, enhanced disclosure requirements, provided guidelines for the management of self-regulatory operations by financial exchanges, and implemented strict countermeasures against unfair trading. - Link to text of law - Financial Instruments and Exchange Law of Japan

116
Q

First-Party Collection

A

A data subject providespersonal datato the collector directly, through a form or survey that is sent to the collector upon thedata subjectsubmitting the information - Associated term(s) - Active Collection,Passive Collection,Surveillance Collection,Repurposing,Third-party Collection

117
Q

Flash

A

Software that is used to add animation and other visual effects to web-based content.

118
Q

Frequency data

A

The number of times a data value occurs.

119
Q

Functional System Requirements

A

Specific details about how a system should work, what inputs create what outputs, and design elements to be implemented. For example, “A system shall do processing ofpersonal informationto create user profiles.” - Associated term(s) - Plan-driven Development Model,Agile Development Model,SRS,User Stories,Non-functional System Requirements

120
Q

Geo-social patterns

A

Data from smartphones and other devices that provide information regarding mobility and social patterns and behaviors. Individuals share information such as emotions, opinions, experiences and locations - generating a data about human activity via artificial intelligence and machine learning which allows for meaningful patterns and trends to be surmised.

121
Q

GET Method

A

The GET and POSTHTMLmethod attributes specify how form data is sent to a web page. The GET method appends the form data to theURLin name/value pairs allowing passwords and other sensitive information collected in a form to be visible in the browser’s address bar, and is thus less secure than the POST method. - Associated term(s) - POST Method

122
Q

Global Privacy Enforcement Network

A

Organized following an OECD recommendation for cooperation among member countries on enforcement of privacy laws, GPEN is collection of data protection authorities dedicated to discussing aspects of privacy law enforcement cooperation, the sharing of best practices, development of shared enforcement priorities, and the support of joint enforcement initiatives and awareness campaigns. As of 2018, GPEN counted 50 member countries. - Acronym(s) - GPEN

123
Q

Globally Unique Identifier

A

An identifier that is one of a kind to a specific user. For example, biometric data or a loginID for a social network. - Acronym(s) - GUID - Associated term(s) - Authentication,Authorization,Identifiability,Identifiers.

124
Q

Harm Dimensions

A

University of Washington associate professor of law, Ryan Calo, identified two dimensions of privacy harms - objectiveandsubjective. The perception of harm is just as likely to have a significantly negative impact on individual privacy as experienced harms.

125
Q

Hashing Functions

A

Or “hashing” is taking user identifications and converting them into an ordered system to track the user’s activities without directly using personally identifiable information (PII). Hashing can be used toencryptor map data - in the context of privacy, hashing is used incryptographichash functions and have many information security applications. - Associated term(s) - Anonymous Information,Pseudonymous Data,De-Identification,Re-Identification

126
Q

Hide

A

Personal information is made un-connectable or un-observable to others.

127
Q

High level design

A

How the system’s part, both front end and back end work together to implement the behaviors that a system should exhibit.

128
Q

High-level design

A

How the system’s part, both front end and back end work together to implement the behaviors that a system should exhibit.

129
Q

Homomorphic

A

Allows encrypted information to be manipulated without first being decrypted.

130
Q

HTML

A

SeeHypertext Markup Language

131
Q

Hyperlink

A

Linked graphic or text that is used to connect an end user to other websites, parts of websites or web-enabled services. TheURLof a web location is embedded in theHTMLcode, so that when certain words or images are selected through the web browser, the end user is transported to the destination website or page.

132
Q

Hypertext Markup Language (HTML)

A

A content authoring language used to create web pages. Web browsers use HTML to interpret and render visible and audible content from the web pages. Document “tags” can be used to format and lay out web page content and to “hyperlink”—connect dynamically—to other web content. Forms, links, pictures and text may all be added with minimal commands. Headings are also embedded into the text and are used by web servers to process commands and return data with each request. - Acronym(s) - HTML - Associated term(s) - HTTP,HTTPS

133
Q

Hypertext Transfer Protocol

A

A networking language that manages data packets over the Internet. It defines how messages are formatted and transmitted over aTCP/IPnetwork for websites. Further, it defines what actions Web servers and web browsers take in response to various commands. - Acronym(s) - HTTP - Associated term(s) - HTML,HTTPS

134
Q

Hypertext Transfer Protocol Secure

A

A secure network communication method, technically not a protocol in itself, HTTPS is the result of layering theHypertext Transfer Protocol(HTTP) on top of theSSL/TLSprotocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. - Acronym(s) - HTTPS - Associated term(s) - HTTP,SSL/TLS

135
Q

Identifiability

A

The degree to which a user is identified by anauthenticationsystem. The more unique (identifiable), the easier that user is tracked or targeted. The less identifiable, the easier it is to falsely authorize a non-user. - Associated term(s) - Authentication, Authorization

136
Q

Identifiers

A

Codes or strings used to represent an individual, device or browser. - Associated term(s) - Authentication,Authorization,Identifiability,GUID

137
Q

Information governance

A

Choreography of all stakeholders involved in the processing of personal data - technical solutions, privacy compliance, security measures.

138
Q

Information hiding

A

Identifies data that has been assigned to specific levels of classification and restrict access to that data via limited class functions.

139
Q

Information Life Cycle

A

The information life cycle recognizes that data has different value, and requires approaches, as it moves through an organization from collection to deletion. The stages are generally considered to be - Collection, processing, use, disclosure, retention, and destruction.

140
Q

Information Privacy

A

One of the four classes of privacy, along withterritorial privacy,bodily privacy, andcommunications privacy. The claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.

141
Q

Information Security

A

The protection of information for the purposes of preventing loss, unauthorized access and/or misuse. It is also the process of assessing threats and risks to information and the procedures and controls to preserveconfidentiality, integrity and availability of information. - Acronym(s) - IS

142
Q

Information Utility

A

The culture and desire of a business that seeks to use information collected by a company in every way possible to improve services and products. This needs to be balanced with privacy considerations.

143
Q

Insecurity

A

Results from failure to properly protect individuals’ information.

144
Q

Interactive Advertising Bureau

A

A trade association representing advertising businesses. The IAB develops industry standards, conducts research, and provides legal support for the online advertising industry. - Link to - Interactive Advertising Bureau - Acronym(s) - IAB

145
Q

Internet of Things

A

A term used to describe the many devices that are connected to the internet. Any device that is built with a network interface can be assigned an IP address to allow for automation and remote access.

146
Q

Internet Protocol Address

A

A unique string of numbers that identifies a computer on the Internet or otherTCP/IP network. The IP address is expressed in four groups of up to three numbers, separated by periods. For example - 123.123.23.2. An address may be “dynamic,” meaning that it is assigned temporarily whenever a device logs on to a network or anInternet service providerand consequently may be different each time a device connects. Alternatively, an address may be “static,” meaning that it is assigned to a particular device and does not change, but remains assigned to one computer or device. - Acronym(s) - IP Address

147
Q

Internet Service Provider

A

A company that provides Internet access to homes and businesses through modem dial-up, DSL, cable modem broadband, dedicated T1/T3 lines or wireless connections. - Acronym(s) - ISP

148
Q

Interrogation

A

When the line of questioning or probing individuals for personal information is not aligned with the context of the situation and a person feels compelled to answer, social norms are breached and individual privacy is at risk.

149
Q

Intrusion reports

A

Monitoring a system for threats to security of a network.

150
Q

ISO 27002

A

The ISO (International Organization for Standardization) 27002 standard is a code of practice for information security with hundreds of potential controls and control mechanisms. The standard is intended to provide a guide for the development of “organizational security standards and effective security management practices and to help build confidence in inter-organizational activities”. It can be considered a guide to implementing ISO 27001 (see ISO 27001). - Link to text of - ISO 27002

151
Q

IT Architecture

A

Also known asEnterprise Architecture(EA) is the set of policies (standards and guidelines), principles, services, and products used by IT providers. - Associated term(s) - Enterprise Architecture(EA)

152
Q

IT Department

A

The division or component of an organization responsible for all forms of technology used to create, store, exchange and use information in its various forms.

153
Q

Javascript

A

A computer scripting language used to produce interactive and dynamic web content.

154
Q

Just-in-Time Notification

A

Disclosure of specific information practices posted, usually accompanied by a consent request, at the point of information collection. - Acronym(s) - JIT Notice

155
Q

k-anonymity

A

Relies on the creation of generalized, truncated or redacted quasi-identifiers as replacements for direct identifiers.

156
Q

Layered Notice

A

A privacy notice designed to respond to problems with a excessively long notices. A short notice — the top layer — provides a user with the key elements of the privacy notice. The full notice — the bottom layer — covers all the intricacies in full. In its guidance on complying with the General Data Protection Regulation, the Article 29 Working Party, which has now been replaced by the European Data Protection Board, recommended a layered notice in order to meet requirements of the GDPR that privacy notices be easily accessible and easy to understand, and that clear and plain language be used.

157
Q

Layered Security Policy

A

A layered approach defines three levels of security policies. The top layer is a high-level document containing the controller’s policy statement. The next layer is a more detailed document that sets out the controls that will be implemented to achieve the policy statements. The third layer is the most detailed and contains the operating procedures, which explain how the policy statements will be achieved in practice.

158
Q

l-diversity

A

Builds onk-anonymityby requiring at least “l” distinct values in each group of k records for sensitive attributes.

159
Q

Least Privilege

A

A security control where access is granted at the lowest possible level required to perform the function.

160
Q

Linkability

A

The degree to whichidentifiersused to track an individual user can be paired with outside information to identify that individual. For example, public record can be paired with date of birth, gender and zip code to identify an individual. - Associated term(s) - Anonymous Information,Pseudonymous Data,De-Identification,Identifiability,Re-Identification,Identifiers,GUID

161
Q

Local Area Network

A

Networks that exist within an operational facility. They are considered within local operational control and are relatively easy to manage. - Acronym(s) - LAN - Associated term(s) - WAN

162
Q

Local Shared Objects

A

Data files created on a computer’s hard drive by a domain to track user preferences and used by all versions of Adobe Flash Player. They are often calledflashcookies. LSOs differ fromHTTPcookiesin that they are saved to a computer’s hard drive rather than the web browser. - Acronym(s) - LSOs - Associated term(s) - Cookies

163
Q

Location-Based Service

A

Services that utilize information about location to deliver, in various contexts, a wide array of applications and services, including social networking, gaming and entertainment. Such services typically rely upon GPS, RFID, Wi-Fi, or similar technologies in which geolocation is used to identify the real-world geographic location of an object, such as a mobile device or an internet-connected computer terminal.- - Acronym(s) - LBS - Associated term(s) - Geolocation - GPS - Global Positioning System - RFID

164
Q

Logs

A

A record of both normal and suspect events by a computer system (typically an operating system). The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. The program developer decides which events to record. The system log contains events logged by the operating system components - for example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined for the operating system. The security log can record security events, such as valid and invalid log-in attempts as well as events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the security log. For example, if you have enabled log-in auditing, attempts to log in to the system are recorded in the security log.

165
Q

Low level design

A

The details of ahigh-level designsystem.

166
Q

Magnitude data

A

Refers to the size of the data. A table showing average income by age is magnitude data.

167
Q

Manageability

A

The ability to granularly administer personal information, including modification, disclosure and deletion.

168
Q

Mandatory Access Control

A

Anaccess controlsystem by which access to data, by the owner or user, is constrained by the operating system itself. - Acronym(s) - MAC - Associated term(s) - Discretionary Access Control

169
Q

Metadata

A

Data that describes other data. “Meta” is a prefix meaning “an underlying description” in information technology usage.

170
Q

Microdata Sets

A

Groups of information on individuals that have been altered or suppressed in some way to anonymize the data, protecting individuals from being identified. - Associated term(s) - Anonymous Information,De-Identification

171
Q

Mobility

A

The extent to which a system moves from one location to another, as in laptop and mobile phone capabilities.

172
Q

Multi-Factor Authentication

A

An authentication process that requires more than one verification method (see Authentication), such as a password and biometric identifier, or log-in credentials and a code sent to an email address or phone number supplied by a data subject. - Associated term(s) - Two-Factor Authentication - Two-Step Authentication

173
Q

National Initiative for Cybersecurity Education’s Cybersecurity Workforce Framework (NICE)

A

The NICE framework establishes common terminology to describe cybersecurity work and is intended to be applied in all sectors - public, private and academic.

174
Q

National Institute of Standards and Technology (NIST) framework

A

NIST is a voluntary risk management tool alongside the NIST Cyber-security Framework. It provides standard, guidelines and best practices for managing cybersecurity-related risks and is intended to assist organizations in communicating and organizing privacy risk as well as rationalizing privacy to build or evaluate a privacy governance program.

175
Q

Natural language generation

A

Information is transformed into content, enabling such functions as text-to speech, automation of reports and the production of content for awe or mobile applications.

176
Q

Natural language understanding

A

Utilizes machine reading comprehension through algorithms to identify and extract natural language that the computer can understand.

177
Q

Network Centricity

A

The extent to which personal information remains local to the client.

178
Q

Network Devices

A

The components used to link computers and other devices so they may share files and utilize other electronic resources, e.g. printers and fax machines. The most common network devices are those used to createLocal Area Networks(LAN), which require a hub, router, cable or radio connection devices, network cards, and (for access to the internet) a modem.

179
Q

Network Encryption

A

A type of network security that protects data traffic by providingencryptionat the network transfer layer. This form of encryption operates independently of other security measures and is invisible to the ender user as data is only encrypted while in transit.

180
Q

Network-Layer Attacks

A

Attacks that exploit the basic network protocol in order to gain any available advantage. These attacks generally involve “spoofing” a network address so that a computer sends data to an intruder rather than their proper recipient or destination. Other attacks can involve service disruptions through a denial of service (DOS) attack—a brute force method that overloads the capacity of a website’s domain to respond to incoming requests such that it renders the server inoperable.

181
Q

Noise addition

A

Blurring data to ensue that aggregated data is useful, yet nonspecific enough to avoid revealing identifiers.

182
Q

Non-Functional System Requirements

A

Abstracted concepts of the operation of a new software system or product being developed that inform functional requirements. These requirements describe how a system should work rather than specific technical processes the system completes. For example “the system shall be able to create user profiles for individuals using the system.” - Associated term(s) - Plan-driven Development Model,Agile Development Model,Functional System Requirements,SRS

183
Q

Obfuscation

A

To make (something) more difficult to understand - to hide the true meaning. For Data ObfuscationseeData Masking. - Associated term(s) - Data Masking

184
Q

Objective Harm

A

Measurable and observable, wherein a person’s privacy has been violated and a direct harm is known to exist.

185
Q

OECD Guidelines

A

First released in 1980, and then updated in 2013, these guidelines represent perhaps the most widely accepted and circulated set of internationally agreed upon privacy principles along with guidance for countries as they develop regulations surrounding cross-border data flows and law-enforcement access to personal data. The principles, widely emulated in national privacy laws, includeCollection Limitation,Data Quality,Purpose Specification,Use Limitation,Security Safeguards,Openness,Individual Participation, andAccountability(see entries for each principle under their own listing elsewhere in the glossary). - Link to text of - OECD Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data

186
Q

Omnibus Laws

A

Used to distinguish from sectorial laws (see Sectorial Laws), to mean laws that cover a broad spectrum of organizations or natural persons, rather than simply a certain market sector or population.

187
Q

Online Behavioral Advertising

A

Websites or online advertising services that engage in the tracking or analysis of search terms, browser or user profiles, preferences, demographics, online activity, offline activity, location data, etc., and offer advertising based on that tracking.

188
Q

Online Data Storage

A

Refers to the storage of data by a third-party vendor made accessible through the Internet.(Hosted storage, Internet storage, cloud storage) This is a common data storage alternative to local storage, such as on a hard drive, and portable storage, such as a flash drive. - Associated term(s) - Cloud Computing

189
Q

Open-source vs. closed-source

A

Easily viewed, shared and modified software is considered open-source. Closed-source software must by fixed and updated by the vendor.

190
Q

Opt-In

A

One of two central concepts of choice. It means an individual makes an active affirmative indication of choice - i.e., checking a box signaling a desire to share his or her information with third parties. - Associated term(s) - Choice - Consent - Opt-Out

191
Q

Opt-Out

A

One of two central concepts of choice. It means an individual’s lack of action implies that a choice has been made - i.e., unless an individual checks or unchecks a box, their information will be shared with third parties. - Associated term(s) - Choice - Consent - Opt-In

192
Q

Organization for Economic Cooperation and Development

A

An international organization that promotes policies designed to achieve the highest sustainable economic growth, employment and a rising standard of living in both member and non-member countries, while contributing to the world economy. - Link to - Organization for Economic Cooperation and Development - Acronym(s) - OECD

193
Q

Passive Collection

A

Collecting data from adata subjectthat is unaware of such collection. - Associated term(s) - Active Collection,First-party Collection,Surveillance Collection,Repurposing,Third-party Collection

194
Q

Patches

A

Changes to a program that aim to fix, update or improve a system.

195
Q

PCI Security Standards Council

A

The PCI Security Standards Council is a council that is responsible for the development and management of the Payment Card Industry Security Standards, most notably thePCI Data Security Standard. The council is made up of American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. and other affiliate members. - Link to - PCI Security Standards Council - Associated term(s) - PCI DSS

196
Q

Perimeter Controls

A

Technologies and processes that are designed to secure an entire network environment by preventing penetration from the outside. - Associated term(s) - Intrusion Detection Systems (IDS),Intrusion Prevention Systems (IPS), Internet Protocol Security (IPSEC),Secure Sockets Layer (SSL)

197
Q

Persistent Storage

A

The storage of data in a non-volatile storage medium such as a hard drive. In the absence of persistent data storage, data would only be stored in RAM (random access memory) and would be lost whenever the device lost power. - Associated term(s) - Transient Storage

198
Q

Personal Information

A

A synonym for “personal data.” It is a term with particular meaning under the California Consumer Privacy Act, which defines it as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer. - Acronym(s) - PI - Associated term(s) - Personal Data - Personally Identifying Information - Personally Identifiable Information

199
Q

Pharming

A

Redirecting a valid internet request to a malicious website by modifying a Hosts file or corrupting a network router domain name system. - Associated term(s) - Phishing,Spear Phishing,Whaling

200
Q

Phishing

A

E-mails or other communications that are designed to trick a user into believing that he or she should provide a password, account number or other information. The user then typically provides that information to a website controlled by the attacker. “Spear phishing” is a phishing attack that is tailored to the individual user, such as when an e-mail appears to be from the user’s boss, instructing the user to provide information. - Associated term(s) - Spear Phishing - Social Engineering

201
Q

Plan-Driven Development Model

A

A strategy used when creating new software products and systems. Plan-driven models focus on designing the entirety of the system and system functions before actual creation of the system, as opposed to theAgile Development Model. An example of a plan-driven model is the Spiral model. - Associated term(s) - Agile Development Model,CONOPS

202
Q

Platform for Privacy Preferences Project

A

A project with the goal of designing web protocols with user privacy in mind. Several protocols have been developed out of this project including the most successful, XACML. - Link to - Platform for Privacy Preferences Project - Acronym - P3P

203
Q

Polymorphic

A

The algorithm is mutated with each copy of the code, while the outcome of the encryption remains the same for any given key.

204
Q

POST Method

A

TheGETand POST HTML method attributes specify how form data is sent to a web page. The POST method is more secure than GET as the GET method appends the form data to theURLallowing passwords and othersensitive informationcollectedin a form to be visible in the browser’s address bar. - Associated term(s) - GET Method

205
Q

Predictability

A

Characterizes reliable assumptions about a system particularly its data and the processing of that data by all stakeholders.

206
Q

Premium Advertising

A

The most expensive and most visible type of web advertising, typically on the homepage of a website and priced so that only big name companies/products use them. - Associated term(s) - Behavioral Advertising,Contextual Advertising,Demographic Advertising,Psychographic Advertising,Remnant Advertising

207
Q

Privacy by Design

A

Generally regarded as a synonym for Data Protection by Design (seeData Protection by Design). However, Privacy by Design as a specific term was first outlined in a framework in the mid-1990s by then-Information and Privacy Commissioner of Ontario, Canada, Ann Cavoukian, with seven foundational principles. - Acronym(s) - PbD

208
Q

Privacy engineering

A

Encompasses how privacy values and principles are applied in technology systems and programs while recognizing and maintaining security levels to mitigate risk. It brings the complementary perspectives and practices of software engineers and privacy professionals together.

209
Q

Privacy Notice

A

A statement made to a data subject that describes how an organization collects, uses, retains and discloses personal information. A privacy notice may be referred to as a privacy statement, a fair processing statement or, sometimes, a privacy policy. Numerous global privacy and data protection laws require privacy notices.

210
Q

Privacy Nutrition Label

A

A standard form label intended to make privacy policies easily and quickly understandable. Privacy Nutrition Labels where developed by the Cylab Usable Privacy and Security Laboratory (CUPS) at Carnegie Mellon University. - Link to - Cylab Usable Privacy and Security Laboratory - Associated term(s) - Privacy Policy

211
Q

Privacy Officer

A

A general term in many organizations for the head of privacy compliance and operations. In the United States federal government, however, it is a more specific term for the official responsible for the coordination and implementation of all privacy and confidentiality efforts within a department or component. This official may be statutorily mandated as a political appointment, as in the Department of Homeland Security, or a career professional.

212
Q

Privacy Patterns

A

Based on the concept of “Design Patterns” developed by Erich Gamma, Richard Helm, Ralph Johnson and John Vlissides, Privacy Patterns are a set of solutions to common privacy problems in designing software. Each Privacy Pattern describes a privacy concern that occurs when developing software and a uniform way to alleviate that concern. - Associated term(s) - UML,Plan-driven Development Model,Agile Development Model

213
Q

Privacy Policy

A

An internal statement that governs an organization or entity’s handling of personal information. It is directed at those members of the organization who might handle or make decisions regarding the personal information, instructing them on the collection, use, storage and destruction of the data, as well as any specific rights the data subjects may have. May also be referred to as a data protection policy.

214
Q

Privacy Review

A

An analysis of all new projects for their compliance with theprivacy standardandprivacy policyof an organization. Reviews should be performed multiple times beginning at the early stages of new project development to minimize potentialprivacy risks. - Associated term(s) - Privacy Standard,Privacy Policy,Privacy by Design,Privacy Risk

215
Q

Privacy Risk

A

A formula to calculate the impact of a new project on the privacy of the consumer base that will use the new systems. To evaluate the risk, one must consider the likelihood of the threat occurring, multiplied by the potential impact if the threat occurs. It may be difficult to quantify, so a comparison between projects may be the best way to understand privacy risks. - Associated term(s) - Privacy Standard,Privacy Policy,Privacy by Design,Privacy Review

216
Q

Privacy Standard

A

The minimum level at which privacy should be protected in all new projects, applications and services. This includes the expectations of privacy in the new programs and guidelines for adherence to those standards. The standard is set based on both internal organizational policy and external regulations etc. - Associated term(s) - Privacy by Design,Privacy Review,Privacy Policy,Privacy Risk

217
Q

Privacy Technlologist

A

A term used to reference the many technology professionals that play a role in protecting privacy in or with technology. Includes but is not limited to - audit, risk and compliance managers - data professionals - data architects - data scientists, system designers and developers - software engineers, privacy engineers.

218
Q

Protected Health Information

A

Any individually identifiable health information transmitted or maintained in any form or medium that is held by an entity covered by the Health Insurance Portability and Accountability Act or its business associate - identifies the individual or offers a reasonable basis for identification - is created or received by a covered entity or an employer - and relates to a past, present or future physical or mental condition, provision of healthcare or payment for healthcare to that individual. - Acronym(s) - PHI

219
Q

Protecting Canadians from Online Crime Act

A

Criminalizes cyber bullying and loosens restraints on police to obtain warrants for telecommunications and internet data, as well as allows police to compel the preservation of electronic evidence. - Link to text of law - Protecting Canadians from Online Crime Act

220
Q

Pseudonymous Data

A

Data points which are not directly associated with a specific individual. The identity of the person is not known but multiple appearances of that person can be linked together. Uses an ID rather than PII to identify data as coming from the same source. IP address,GUIDand ticket numbers are forms of pseudonymous values. - Associated term(s) - Identifiability,Identifiers,GUID,Authentication,De-Identification,Re-Identification.

221
Q

Psychographic Advertising

A

Based on a user’s interest as accounted for by their preferences online. Different from behavioral because it simply accounts for known preferences rather than taking into account different interactions with web pages and advertisements. - Associated term(s) - Behavioral Advertising,Contextual Advertising,Demographic Advertising,Premium Advertising,Remnant Advertising

222
Q

Public Key Infrastructure

A

A system of digital certificates, authorities and other registration entities that verifies the authenticity of each party involved in an electronic transaction through the use of cryptography. - Acronym(s) - PKI - Associated term(s) - Cryptography

223
Q

Public Records

A

Information collected and maintained by a government entity and available to the general public.

224
Q

Quality Attributes

A

Concerns in software development that cannot be alleviated with a single design element or function. Privacy is an example of a quality attribute that can be divided up into further quality attributes (think about theFair Information Practices). UsingPrivacy by Designin all software development allows these quality attributes to be accounted for in all system functions as they are being developed. - Associated term(s) - Privacy by Design,Fair Information Practices

225
Q

Quantum encryption

A

Uses the principles of quantum mechanics to encrypt messages in a way that prevents anyone other than the intended recipient from reading them.

226
Q

Radio-Frequency Identification

A

Technologies that use radio waves to identify people or objects carrying encoded microchips. - Acronym(s) - RFID

227
Q

Re-identification

A

The action of reattaching identifying characteristics to pseudonymized or de-identified data (see De-identification and Pseudonymization). Often invoked as a “risk of re-identification” or “re-identification risk,” which refers to nullifying the de-identification actions previously applied to data (see De-identification). - Associated term(s) - De-identification - Anonymization - Anonymous Data,Pseudonymous Data

228
Q

Remnant Advertising

A

The most basic, stripped down form of web advertising that occurs when no data about the user or webpage is available. Advertising of this sort has no personalization. - Associated term(s) - Behavioral Advertising,Contextual Advertising,Demographic Advertising,Psychographic Advertising,Premium Advertising

229
Q

Repurposing

A

Taking information collected for one purpose and using it for another purpose later on. - Associated term(s) - Active Collection,First-party Collection,Passive Collection,Surveillance Collection,Third-party Collection

230
Q

Retention

A

Within the information life cycle, the concept that organizations should retain personal information only as long as necessary to fulfill the stated purpose.

231
Q

Right of Access

A

An individual’s right to request and receive their personal data from a business or other organization.

232
Q

Role-Based Access Controls

A

Access policies that espouse the view that no employee should have greater information access than is necessary to capably perform his or her job function.

233
Q

RSA Encryption

A

RSA (Rivest-Shamir-Adleman) is the most common internetencryptionandauthenticationsystem. The system used an algorithm that involves multiplying two large prime numbers to generate apublic key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication. - Associated term(s) - Encryption

234
Q

Run time behavior monitoring

A

Monitoring and analyzing usage and data collected from a running system.

235
Q

Seal Programs

A

Programs that require participants to abide by codes of information practices and submit to monitoring to ensure compliance. In return, companies that abide by the terms of the seal program are allowed to display the programs seal on their website. - Associated term(s) - Self-regulatory Model,WebTrust

236
Q

Secondary use

A

Using an individual’s information without consent for purposes unrelated to the original reasons for which it was collected.

237
Q

Secret Key

A

“Acryptographickey used with a secret key cryptographic algorithm, uniquely associated with one or more entities and which shall not be made public. The use of the term “secret” in this context does not imply a classification level, rather the term implies the need to protect the key from disclosure or substitution.” (Federal Information Processing Standards Publication 140-1, Security Requirements for Cryptographic Modules)

238
Q

Security Policy

A

Encompasses internal security measures such as the prevention of unauthorized or unnecessary access to corporate data or resources. Includes intellectual property, financial data and personal information. Physical security measures, such as locks, safes, cameras and fences are security measures that protect against both internal and external threats.

239
Q

Security Safeguards

A

Afair information practicesprinciple, it is the principle thatpersonal datashould be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

240
Q

Separate

A

Separating personal data during processing to prevent correlating information that may lead to the identification of the individual. This is done via processing data in physically separate locations (distribute) or isolating the data by processing personal data that is used for different purposes in separate databases.

241
Q

Single-Factor Authentication

A

The standardauthenticationmechanism that requires a user name and password for access. - Associated term(s) - Multi-factor authentication,Authentication,Authorization

242
Q

Single-Sign-On (SSO)

A

Anauthenticationprocess that allows the user to enter a single set of credentials to access multiple applications.

243
Q

Social Engineering

A

A general term for how attackers can try to persuade a user to provide information or create some other sort of security vulnerability. - Associated term(s) - Phishing

244
Q

Software Requirements Specification

A

A formal documentation of a software system or product to be developed that includes both functional and nonfunctional requirements. These are used so that the individual tasked with creating the system or product is aware of the needs of the individual seeking the creation. - Acronym - SRS - Associated term(s) - Functional Requirements,Non-functional requirements,Plan-driven Development Model,Agile Development Model

245
Q

SPAM

A

Unsolicited commercial e-mail. - Associated law(s) - CASL - CAN-SPAM Act

246
Q

Spear Phishing

A

Phishingtargeted at a particular group of people with a known affiliation to some organization. - Associated term(s) - Phishing,Whaling,Pharming

247
Q

Speech recognition

A

Voice command technology that allows users to interact with and control technologies by speaking to them.

248
Q

SQL Injection

A

Taking advantage ofSQLforms by inserting commands in information entry boxes. SQL is transferred in such a way that commands placed in forms can be seen as valid commands and affect the system in whatever way that command operates. Hackers can use SQL Injections to erase data banks, over load servers, etc. if the SQL isn’t properly set up to avoid such attacks. - Associated term(s) - SQL

249
Q

Storage Encryption

A

The use ofencryptionto protect stored or backed-up data both in transit and in the storage medium to provide an additional layer of security.

250
Q

Structured Query Language

A

A special-purpose programming language that allows for the creation of interactive forms which users can insert, alter and delete data they have input, and the system administrators can easily transfer information into usable data banks of user information. Originally developed by IBM, SQL has become an international standard for data collection and use. - Acronym - SQL - Associated term(s) - SQL Injection

251
Q

Subjective Harm

A

Exists without an observable or measurable harm, but where an expectation of harm exists.

252
Q

Super Cookie

A

A tracking mechanism that persists even after allcookieshave been deleted, usually using several varying types of storage to remain within a device. - Associated term(s) - Cookie

253
Q

Surveillance

A

The observation and/or capturing of an individual’s activities.

254
Q

Surveillance Collection

A

Collection by way of observing the data stream produced by a givendata subjectwithout interference in the data subject’s activity. - Associated term(s) - Active Collection,First-Party Collection,Passive Collection,Repurposing,Third-party Collection

255
Q

Symmetric Key Encryption

A

Also known asSecret KeyEncryption is a form of encryption using a single secret key to both encrypt and decrypt data. - Associated term(s) - Asymmetric Key Encryption,Encryption

256
Q

Syndicated Content

A

Content that is not actually created by the host site, but is developed, purchased or licensed from a third party. A concern associated with this content is that it can contain malicious code that is then unwittingly incorporated into the organization’s own website source code. For example,cross-site scripting(XSS) attacks attempt to take advantage of the trust that users have for a given site. - Associated term(s) - XSS

257
Q

Systems Development Life Cycle (SDLC)

A

A conceptual model used to describe the stages in an information system development project. - Associated term(s) - Privacy by Design,Privacy Standard,Privacy Review

258
Q

t-closeness

A

Extendsl-diversityby reducing the granularity of data in a data set.

259
Q

Terms of Service

A

The set of rules which govern the use of a service and must be agreed to, either implicitly through the use of that service or explicitly, in order to make use of that service. - Associated term(s) - EULA

260
Q

Third-Party Collection

A

Data acquired from a source other than directly from the subject of the data. - Associated term(s) - Active Collection,First-party Collection,Passive Collection,Repurposing,Surveillance Collection

261
Q

Tokenization

A

A system of de-identifying data which uses random tokens as stand-ins for meaningful data.

262
Q

Transfer

A

The movement of personal data from one organization to another.

263
Q

Transient Storage

A

Short lifespan data storage such as a sessioncookiestored on a browser that is purged from the system when the browser is closed. - Associated term(s) - Persistent Storage,Cookies

264
Q

Transmission Control Protocol

A

A protocol which enables two devices to establish a connection and exchange data. A combination of TCP andIPis used to send data over the Internet. Data are sent in the form of a packet, which is a portion of a message sent over the TCP/IP network. It contains content and a heading that specifies the destination. - Acronym(s) - TCP - TCP/IP

265
Q

Transport Layer Security

A

A protocol that ensures privacy between client-server applications and Internet users of the applications. When a server and client communicate, TLS secures the connection to ensure that no third party can eavesdrop on or corrupt the message. TLS is a successor to SSL. - Acronym(s) - TLS - Associated term(s) - Secure Sockets Layer (SSL)

266
Q

Trojan Horse

A

A form of malware in which bad software masquerades as beneficial software. - Associated term(s) - Malware

267
Q

Ubiquitous computing

A

The processing of information is linked with the activity or object it encounters.

268
Q

Unified Modeling Language

A

A notation language that is used to describe system design elements in software development. - Acronyms - UML - Associated term(s) - Plan-driven Design Model,Agile Design Model

269
Q

Uniform Resource Locator

A

The address of content located on a web server. Specifically, it is the letter and number coordinates that an end user submits to the web browser to instruct it to connect with the desired website. An example of a URL is “https - //iapp.org.” - Acronym(s) - URL

270
Q

Use Limitation

A

See “Purpose Limitation.” - Link to text of memo - Fair Information Practice Principles - Associated term(s) - Fair Information Practices

271
Q

User Stories

A

Requirements of new software systems or products as they are implemented in anAgile Development Model. Usually they consist of a few sentences that describe how a consumer would interact with the system or product and what the ideal functionality would look like. These are used to inform the developers of how a system or product should work while they are designing a given portion of the system. - Associated term(s) - Agile Development Model,SRS

272
Q

User-based access controls

A

Rely on the identity of the user to determine whether to grant or deny access to a desired resource.

273
Q

Value-Added Services

A

A telecommunications industry term for non-core services - i.e., services beyond voice calls and fax transmissions. More broadly, the term is used in the service sector to refer to services, which are available at little or no cost, and promote their primary business. For mobile phones, while technologies like SMS, MMS and GPRS are usually considered value-added services, a distinction may also be made between standard (peer-to-peer) content and premium-charged content. These are called mobile value-added services (MVAS), which are often simply referred to as VAS. Value-added services are supplied either in-house by the mobile network operator themselves or by a third-party value-added service provider (VASP), also known as a content provider (CP) such as Headline News or Reuters. VASPs typically connect to the operator using protocols like short message peer-to-peer protocol (SMPP), connecting either directly to the short message service centre (SMSC) or, increasingly, to a messaging gateway that gives the operator better control of the content. - Associated term(s) - MVAS, VASP

274
Q

Value-Sensitive Design

A

A design approach that accounts for moral and ethical values. Values includeprivacy, trust,fairness, informed consent, courtesy or freedom from bias. Assess the values in relation to specific technologies and stakeholders.

275
Q

Virtual Private Network

A

A network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users an access to a central organizational network. VPNs typically require remote users of the network to beauthenticatedand often secure data withencryptiontechnologies to prevent disclosure of private information to unauthorized parties. - Acronym(s) - VPN - Associated term(s) - Remote Access Connectivity

276
Q

Voice Over Internet Protocol

A

A technology that allows telephone calls to be made over aLANor the Internet itself. Skype is a well-known example. VoIP poses the same risk as network-connected PBX systems but also poses the additional risk of data interception when such data travel over an unsecured connection. VoIP functionality should beencryptedwhere possible and equipment monitored with intrusion-detection systems. - Acronym(s) - VoIP

277
Q

Vulnerability management

A

Assessing and developing plans for the capability and probability that a threat actor’s acts will succeed.

278
Q

Web Beacon

A

Also known as a web bug, pixel tag or clear GIF, a web beacon is a clear graphic image (typically one pixel in size) that is delivered through a web browser orHTMLe-mail. The web beacon operates as a tag that records an end user’s visit to a particular web page or viewing of a particular e-mail. It is also often used in conjunction with a webcookieand provided as part of a third-party tracking service. Web beacons provide an ability to produce specific profiles of user behavior in combination with web server logs. Common usage scenarios for web beacons include online ad impression counting, file download monitoring, and ad campaign performance management. Web beacons also can report to the sender about which e-mails are read by recipients. Privacy considerations for web beacons are similar to those for cookies. Some sort of notice is important because the clear pixel of a web beacon is quite literally invisible to the end user. - Associated term(s) - Web Bug, Pixel Tag, Tracking Bug, Clear GIF

279
Q

Whaling

A

Phishingtargeted at a specific individual or individuals known to be wealthy. - Associated term(s) - Spear Phishing,Phishing,Pharming

280
Q

Wide Area Network

A

A non-localized telecommunications network that can be used to transmit data across large regions. - Acronym(s) - WAN - Associated term(s) - LAN - Local Area Network

281
Q

Worm

A

A computer program or algorithm that replicates itself over a computer network, usually performing malicious actions. - Associated term(s) - Flash Worm - For the acronym WORM, seeWrite Once Read Many.

282
Q

Write Once Read Many

A

Adata storage device in which information, once written, cannot be modified. This protection offersassurance that the data originally written to the device has not beentampered with. The only way to remove data written to a WORM device is to physically destroy the device. - Acronym(s) - WORM