Vocabulary flashcards covering key privacy, security, and software development terms from Pages 1 and 2 notes.
Transient Storage
Short-term data storage (e.g., session cookies) that is deleted when the browser closes.
Transmission Control Protocol (TCP)
A core protocol that enables reliable data exchange between devices over a network.
Transport Layer Security (TLS)
An encryption protocol that secures client–server communications.
Trojan Horse
Malware disguised as legitimate software to deceive users.
Unified Modeling Language (UML)
A standard notation for describing and modeling system design elements.
Uniform Resource Locator (URL)
Web address identifying the location of content (e.g., https://iapp.org).
Use Limitation
Principle restricting data use to specified purposes or with consent.
User Stories
Agile artifacts describing user needs and system interactions.
Value-Added Services
Services beyond basic telecom offerings (e.g., SMS, MMS, premium content).
Virtual Private Network (VPN)
A secure, encrypted remote access network over public infrastructure.
Voice over Internet Protocol (VoIP)
Technology enabling voice calls over the Internet.
Web Beacon
Invisible tracking pixel used to determine when a web page or email is viewed.
Whaling
Phishing targeted at executives or other high-profile individuals.
Wide Area Network (WAN)
A large-scale network spanning broad geographic areas.
Worm
Self-replicating malware that spreads across networks.
Application Preference Exchange Language (APPEL)
Language for expressing user privacy preferences in browsers; not widely adopted.
Enterprise Privacy Authorization Language (EPAL)
Proposed language describing access rights for privacy purposes.
Security Assertion Markup Language (SAML)
XML-based framework for exchanging authentication and authorization data.
XACML
Extensible Access Control Markup Language; XML-based standard for defining access control policies.
Mistakes Organizations Make
Common problems in security programs: insufficient policies, poor training, disjointed practices, complacency, and weak contracts.
Client-Side Risks
Threats from employee devices, including theft, viruses, and lax access controls.
Server-Side Risks
Threats from server vulnerabilities or misconfigurations leading to data exposure.
Inclusions in Security Policy
Typical policy components such as encryption, software protection, auditing, and access controls.
Client-Side Privacy Risk
Risks from employees storing sensitive data on work computers, increasing exposure.
Network Sniffer
Tool to capture data packets; encryption (notably for VoIP) mitigates this risk.
Cryptographic Toolkit (NIST)
Framework to guide the selection of appropriate encryption standards.
Types of Authentication
What you know (password); What you have (token); What you are (biometrics); Where you are (location).
Multifactor Authentication
Using more than one type of authentication to validate identity.