Vocabulary-style flashcards covering key terms related to privacy languages, risk concepts, and security measures from Pages 1–2.
Web Beacon
A clear graphic image (typically one pixel) delivered through a browser or email that tracks visits, opens, or activity.
Whaling
Phishing targeted at high-profile individuals, such as executives or wealthy people.
WAN
A telecommunications network that spans large geographic regions for data transmission.
Worm
Self-replicating malicious program that spreads across networks.
Platform for Privacy Preference (P3P)
W3C project to standardize privacy practices in XML for websites.
Application Preference Exchange Language (APPEL)
Language allowing users to express privacy preferences in browsers; never widely adopted.
Enterprise Privacy Authorization Language (EPAL)
IBM-proposed language for privacy access rights; no longer supported.
Security Assertion Markup Language (SAML)
XML-based standard for exchanging authentication/authorization data; supports SSO.
eXtensible Access Control Markup Language (XACML)
XML-based language applying access policies to resources via tokens and predefined roles.
Mistakes Organizations Make
Common privacy/security errors: weak policies, poor training, disjointed practices, complacency, weak contracts.
Client Side Risks
Risks from employee devices: stolen computers, viruses, poor access controls, personal data on work devices.
Server Side Risks
Server vulnerabilities: viruses, traffic overloads; mitigated by reducing the number of installed applications, screening inputs, limiting data retention, and de-identifying stored data.
Included in a Security Policy
Key elements: encryption, software protection, access controls, physical protections, social engineering defense, auditing.
Client Side Privacy Risk
Threats from employees storing sensitive or personal data on company machines, which can be exploited.
Network Sniffer
Tool intercepting network data; mitigated by strong encryption, critical for VoIP.
Cryptographic Toolkit (NIST)
NIST guidance to select appropriate encryption for specific needs.
Attribute-Based Access Control
Extension of RBAC allowing factors like time, location, or nationality.
/P:count flag
Option of the Windows format command that zeroes every sector on the volume, then overwrites it count more times, so previously stored data cannot be recovered.
Cross-Enterprise Access Controls
Access across organizations (e.g., outsourced services, SaaS); often integrated with SSO.
SSL Encryption
Secure Sockets Layer; protocol to protect communications between browsers and servers.
TLS Encryption
Transport Layer Security; modern protocol for securing communications like email and web.
Multilayered Privacy Notice
Abbreviated privacy notice linking to more detailed layers of information.
Privacy Nutrition Label
Privacy disclosure presented in a standardized, label-style format for easier comprehension.
Hashing
Cryptographic method protecting data by creating irreversible transformations.
Types of Authentication
Categories: What you know (password), What you have (token), What you are (biometrics), Where you are (location).
Multifactor Authentication
Combining more than one authentication type (e.g., password + biometric).
Device Identifier
Unique device ID (e.g., MAC address) used for tracking; often not deletable or opt-out capable.
Development Lifecycle
Stages: Release planning, Definition, Development, Validation, Deployment.
Countermeasures
Preventive, Reactive, Detective, Administrative security measures to mitigate risks.
Stages of PCI DSS Compliance
Collecting and storing logs, reporting for audits, and monitoring and alerting on access and usage.
Re-identification
Identifying individuals in anonymized datasets using auxiliary information.