Looks like no one added any tags here yet for you.
acceptable use policy (AUP)
A document that stipulates restrictions and practices that a user must agree in order to use organizational computing and network resources.
acceptance
When an organization decides to accept a risk because the cost of avoiding the risk outweighs the potential loss of the risk. A decision to accept a risk can be extremely difficult and controversial when dealing with safety-critical systems because making that determination involves forming personal judgments about the value of human life, assessing potential liability in case of an accident, evaluating the potential impact on the surrounding natural environment, and estimating the system's costs and benefits.
advanced persistent threat (APT)
A network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time (weeks or even months).
agile development
A software development methodology in which a system is developed in iterations lasting from one to four weeks. Unlike the waterfall system development model, agile development accepts the fact that system requirements are evolving and cannot be fully understood or defined at the start of the project.
Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)
An agreement of the World Trade Organization that requires member governments to ensure that intellectual property rights can be enforced under their laws and that penalties for infringement are tough enough to deter further violations.
American Recovery and Reinvestment Act
A wide-ranging act that authorized $787 billion in spending and tax cuts over a 10-year period and included strong privacy provisions for electronic health records, such as banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients.
annualized loss expectancy (ALE)
The estimated loss from a potential risk event over the course of a year. The following equation is used to calculate the annual loss expectancy: ARO × SLE = ALE. Where ARO is the annualized rate of occurrence, an estimate of the probability that this event will occur over the course of a year and SLE is the single loss expectancy, the estimated loss that would be incurred if the event happens.
annualized rate of occurrence (ARO)
An estimate of the probability that a risk event will occur over the course of a year.
anonymous expression
The expression of opinions by people who do not reveal their identity.
anonymous remailer service
A service that allows anonymity on the Internet by using a computer program that strips the originating header and/or IP address from the message and then forwards the message to its intended recipient.
anti-SLAPP laws
Laws designed to reduce frivolous SLAPPs (strategic lawsuit against public participation (SLAPP), which is a lawsuit filed by corporations, government officials, and others against citizens and community groups who oppose them on matters of concern).
antivirus software
Software that scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.
artificial intelligence systems
The people, procedures, hardware, software, data, and knowledge needed to develop computer systems and machines that can simulate human intelligence processes, including learning (the acquisition of information and rules for using the information), reasoning (using rules to reach conclusions), and self-correction (using the outcome from one scenario to improve its performance on future scenarios).
audit committee
A group that provides assistance to the board of directors in fulfilling its responsibilities with respect to the oversight of the quality and integrity of the organization's accounting and reporting practices and controls, including financial statements and reports; the organization's compliance with legal and regulatory requirements; the qualifications, independence, and performance of the company's independent auditor; and the performance of the company's internal audit team.
avoidance
The elimination of a vulnerability that gives rise to a particular risk in order to avoid the risk altogether. This is the most effective solution but often not possible due to organizational requirements and factors beyond an organization's control.
Bathsheba syndrome
The moral corruption of people in power, which is often facilitated by a tendency for people to look the other way when their leaders act inappropriately.
best practice
A method or technique that has consistently shown results superior to those achieved with other means and that is used as a benchmark within a particular industry.
Bill of Rights
The first 10 amendments to the United States Constitution that spell out additional rights of individuals.
black-box testing
A type of dynamic testing that involves viewing the software unit as a device that has expected input and output behaviors but whose internal workings are unknown (a black box).
blended threat
A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
body of knowledge
An agreed-upon sets of skills and abilities that all licensed professionals must possess.
botnet
A large group of computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.
breach of contract
The failure of one party to meet the terms of a contract.
breach of the duty of care
The failure to act as a reasonable person would act.
breach of warranty
When a product fails to meet the terms of its warranty.
bribery
The act of providing money, property, or favors to someone in business or government in order to obtain a business advantage.
bring your own device (BYOD)
A business policy that permits, and in some cases, encourages employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.
BSA | The Software Alliance
A trade group that represent the world's largest software and hardware manufacturers.
business continuity plan
A risk-based strategy that includes an occupant emergency evacuation plan, a continuity of operations plan, and an incident management plan with an active governance process to minimize the potential impact of any security incident and to ensure business continuity in the event of a cyberattack or some form of disaster.
business information system
A set of interrelated components—including hardware, software, databases, networks, people, and procedures—that collects and processes data and disseminates the output.
Capability Maturity Model Integration (CMMI) models
Collection of best practices that help organizations improve their processes.
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
Software that generates and grades tests that humans can pass and all but the most sophisticated computer programs cannot.
certification
Indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization. Certification can also apply to products (e.g., the Wi-Fi CERTIFIED logo assures that the product has met rigorous interoperability testing to ensure that it will work with other Wi-Fi-certified products) and is generally voluntary.
Child Online Protection Act (COPA)
An act signed into law in 1998 with the aim of prohibiting the making of harmful material available to minors via the Internet; the law was ultimately ruled largely unconstitutional.
Children's Internet Protection Act (CIPA)
An act passed in 2000; it required federally financed schools and libraries to use some form of technological protection (such as an Internet filter) to block computer access to obscene material, pornography, and anything else considered harmful to minors.
Children's Online Privacy Protection Act (COPPA)
An act implemented in 1998 in an attempt to give parents control over the collection, use, and disclosure of their children's personal information.
CIA security triad
Refers to confidentiality, integrity, and availability.
clinical decision support (CDS)
A process and a set of tools designed to enhance healthcare-related decision making through the use of clinical knowledge and patientspecific information to improve healthcare delivery.
CMMI-Development (CMMI-DEV)
A specific application of CMMI frequently used to assess and improve software development practices.
code of ethics
A statement that highlights an organization's key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making.
coemployment relationship
A employment situation in which two employers have actual or potential legal rights and duties with respect to the same employee or group of employees.
Communications Assistance for Law Enforcement Act (CALEA)
An act passed in 1994 that amended the Wiretap Act and Electronic Communications Privacy Act, which required the telecommunications industry to build tools into its products that federal investigators could use—after obtaining a court order—to eavesdrop on conversations and intercept electronic communications.
Communications Decency Act (CDA)
Title V of the Telecommunications Act, it aimed at protecting children from pornography, including imposing $250,000 fines and prison terms of up to two years for the transmission of "indecent" material over the Internet.
compliance
To be in accordance with established policies, guidelines, specifications, or legislation.
computer forensics
A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
computerized provider order entry (CPOE) system
A system that enables physicians to place orders (for drugs, laboratory tests, radiology, physical therapy) electronically, with the orders transmitted directly to the recipient.
conflict of interest
A conflict between a person's (or firm's) self-interest and the interests of a client.
contingent work
A job situation in which an individual does not have an explicit or implicit contract for long-term employment.
contributory negligence
When the plaintiffs' own actions contributed to their injuries.
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)
A law that specifies that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.
cookie
Text files that can be downloaded to the hard drives of users who visit a website, so that the website is able to identify visitors on subsequent visits.
copyright
The exclusive right to distribute, display, perform, or reproduce an original work in copies or to prepare derivative works based on the work; granted to creators of original works of authorship.
copyright infringement
A violation of the rights secured by the owner of a copyright; occurs when someone copies a substantial and material part of another's copyrighted work without permission.
corporate compliance officer
AKA corporate ethics officer. A senior-level manager who provides an organization with vision and leadership in the area of business conduct.
corporate ethics officer
A senior-level manager who provides an organization with vision and leadership in the area of business conduct.
corporate social responsibility (CSR)
The concept that an organization should act ethically by taking responsibility for the impact of its actions on its shareholders, consumers, employees, community, environment, and suppliers.
cost per click (CPC)
One of the two common methods of charging for paid media, where ads are paid for only when someone actually clicks on them.
cost per thousand impressions (CPM)
One of the two common methods of charging for paid media, where ads are billed at a flat rate per 1,000 impressions, which is a measure of the number of times an ad is displayed—whether it was actually clicked on or not.
cyberabuse
Any form of mistreatment or lack of care, both physical and mental, based on the use of an electronic communications device that causes harm and distress to others.
cyberespionage
The deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
cyberharassment
A form of cyberabuse in which the abusive behavior, which involves the use of an electronic communications device, is degrading, humiliating, hurtful, insulting, intimidating, malicious, or otherwise offensive to an individual or group of individuals causing substantial emotional distress.
cyberloafing
Using the Internet for purposes unrelated to work such as posting to Facebook, sending personal emails or Instant messages, or shopping online.
cybersquatter
A person or company that registers domain names for famous trademarks or company names to which they have no connection, with the hope that the trademark's owner will buy the domain name for a large sum of money.
cyberstalking
Threatening behavior or unwanted advances directed at an adult using the Internet or other forms of online and electronic communications; the adult version of cyberbullying.
cyberterrorism
The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, and emergency response) to achieve political, religious, or ideological goals.
decision support system (DSS)
A type of business information system used to improve decision making in a variety of industries.
defamation
Making either an oral or a written statement of alleged fact that is false and that harms another person.
Defend Trade Secrets Act of 2016
An act passed in 2016 that amended the Economic Espionage Act to create a federal civil remedy for trade secret misappropriation.
deliverable
Products created during various stages of the development process, including statements of requirements, flowcharts, and user documentation.
Department of Homeland Security (DHS)
A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a "safer, more secure America, which is resilient against terrorism and other potential threats."
design patent
A type of patent that permits its owner to exclude others from making, using, or selling the design in question.
Digital Millennium Copyright Act (DMCA)
Signed into law in 1998, the act addresses a number of copyright-related issues, with Title II of the act providing limitations on the liability of an Internet service provider for copyright infringement.
disaster recovery plan
A documented process for recovering an organization's business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster.
distributed denial-of-service (DDoS) attack
An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
Doxing
Doing research on the Internet to obtain someone's private personal information—such as home address, email address, phone numbers, and place of employment—and even private electronic documents, such as photographs, and then posting that information online without permission.
duty of care
The obligation to protect people against any unreasonable harm or risk.
dynamic testing
A QA process that tests the code for a completed unit of software by actually entering test data and comparing the results to the expected results.
earned media
Media exposure an organization gets through press and social media mentions, positive online ratings, reviews, tweets and retweets, reposts (or "shares"), recommendations, and so on.
Economic Espionage Act (EEA) of 1996
An act passed in 1996 to help law enforcement agencies pursue economic espionage. It imposes penalties of up to $10 million and 15 years in prison for the theft of trade secrets.
Electronic Communications Privacy Act (ECPA)
An act that deals with the protection of three main issues: (1) the protection of communications while in transfer from sender to receiver; (2) the protection of communications held in electronic storage; and (3) the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.
electronic discovery (e-discovery)
The collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.
electronic health record (EHR)
A comprehensive view of the patient's complete medical history designed to be shared with authorized providers and staff from more than one organization.
electronic medical record (EMR)
A collection of health-related information on an individual that is created, managed, and consulted by authorized clinicians and staff within a single healthcare organization.
Electronic Product Environmental Assessment Tool (EPEAT)
A system that enables purchasers to evaluate, compare, and select electronic products based on a total of 51 environmental criteria.
electronically stored information (ESI)
Any form of digital information, including emails, drawings, graphs, web pages, photographs, word-processing files, sound recordings, and databases stored on any form of magnetic storage device, including hard drives, CDs, and flash drives.
employee leasing
A business arrangement in which an organization (called the subscribing firm) transfers all or part of its workforce to another firm (called the leasing firm), which handles all human resource-related activities and costs, such as payroll, training, and the administration of employee benefits. The subscribing firm leases these workers to an organization, but they remain employees of the leasing firm.
encryption
The process of scrambling messages or data in such a way that only authorized parties can read it.
encryption key
A value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable by those without the encryption key needed to decipher it.
ethics
A code of behavior that is defined by the group to which an individual belongs.
European Union Data Protection Directive
A directive that requires any company doing business within the borders of the countries comprising the European Union (EU) to implement a set of privacy directives on the fair and appropriate use of information.
exploit
An attack on an information system that takes advantage of a particular system vulnerability.
failure mode
A description of how a product or process could fail to perform the desired functions described by the customer.
failure mode and effects analysis (FMEA)
An important technique used to develop ISO 9000-compliant quality systems by both evaluating reliability and determining the effects of system and equipment failures.
Fair and Accurate Credit Transactions Act
An amendment to the Fair Credit Reporting Act passed in 2003 that allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies (Equifax, Experian, and TransUnion).
Fair Credit Reporting Act
An act that regulates the operations of credit-reporting bureaus, including how they collect, store, and use credit information.
fair information practices
A term for a set of guidelines that govern the collection and use of personal data.
fair use doctrine
A legal doctrine that allows portions of copyrighted materials to be used without permission under certain circumstances. Title 17, section 107, of the U.S. Code established the following four factors that courts should consider when deciding whether a particular use of copyrighted property is fair and can be allowed without penalty: (1) the purpose and character of the use (such as commercial use or nonprofit, educational purposes), (2) the nature of the copyrighted work, (3) the portion of the copyrighted work used in relation to the work as a whole, and (4) the effect of the use on the value of the copyrighted work.
False Claims Act
A law enacted during the U.S. Civil War to combat fraud by companies that sold supplies to the Union Army; also known as the Lincoln Law. See also qui tam.
Family Educational Rights and Privacy Act (FERPA)
A federal law that assigns certain rights to parents regarding their children's educational records.
firewall
Hardware or software (or a combination of both) that serves as the first line of defense between an organization's network and the Internet; a firewall also limits access to the company's network based on the organization's Internet-usage policy.