Common Information Security / Compliance Terms
Information Security (infosec): the state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.
Advanced Persistent Threat (APT): a sophisticated and sustained cyberattack in which an intruder, often a nation-state or state-sponsored group, establishes an unauthorized and undetected presence in a network in order to access and steal confidential data over an extended period of time. APT operators favor stealth over speed, so they are typically found through anomalous activity rather than by antivirus alerts.
Antivirus: software that scans files, memory, and network activity for known malware signatures and suspicious behavior, and blocks or quarantines viruses, spyware, trojans, and worms before they can disrupt services or steal sensitive data. Its signature database must be kept current; newly released malware that has no signature yet can slip past it.
Attack Vector: a way for attackers to enter a network or system, commonly through social engineering, credential theft, vulnerability exploits, and insufficient protection against insider threats.
Authentication: the process of verifying that a user, device, or service is who or what it claims to be before it is granted access to a system or files. Proof is usually a password, a biometric, a possession factor such as a hardware token or phone, or a combination of these.
Authorization: the right, permission, or privilege granted to a network or system entity to access a network or system resource.
Backdoor: a method by which a user, authorized or not, bypasses normal authentication and access controls to reach a computer system, network, or application. Backdoors may be planted by an attacker, left over from development or debugging, or hidden inside malware; cybercriminals use them to steal personal and financial data, install additional malware, and take control of devices and platforms.
Blockchain: a distributed ledger in which records are grouped into blocks that are cryptographically chained together, so that altering an earlier record is detectable. Blockchain security is the risk management practice for blockchain networks, combining assurance services, cybersecurity frameworks, and best practices to mitigate the risk of fraud and cyber-attack events.
Botnet: short for “robot network,” a botnet is a group of internet-connected computers, each of which runs one or more bots. Typically the computers have been infected with malware without their owners’ knowledge and are under the control of a single attacking party, known as a “bot-herder,” who uses them for spam, denial of service attacks, or credential theft.
Bring Your Own Device (BYOD): most commonly, BYOD refers to the understanding that users bring their own devices to connect to an organization or institution’s network. In terms of information security, the practice of BYOD poses a risk as there is no guarantee that the BYOD devices have antivirus software or endpoint security protection. An infected BYOD computer could potentially infect the network and cause security challenges or breaches should those viruses or malware compromise sensitive data.
Client: as it relates to information security, a client is a hardware device or software that is requesting access to a network.
Cloud Computing: most commonly, cloud computing refers to the delivery of computing services online via the internet. Cloud services include servers, storage, databases, software, networks, analytics, and intelligence. Cloud security, as it relates to information security, comprises the tools, policies, and controls that protect cloud-hosted applications, data, and infrastructure from cyber attacks; responsibility for it is shared between the cloud provider and the customer.
Common Vulnerabilities and Exposures (CVE): CVE is a publicly maintained list of disclosed cybersecurity vulnerabilities, each assigned a unique identifier of the form CVE-YYYY-NNNNN so that vendors, researchers, and security tools can refer to the same flaw unambiguously. CVE itself does not rate severity; that is done separately, most commonly with the Common Vulnerability Scoring System (CVSS), which turns a vector of base metrics (attack vector, attack complexity, privileges required, user interaction, scope, and impact on confidentiality, integrity, and availability) into a score from 0 to 10.
Confidential Data: information such as our social security numbers, student grades, employee salary information, etc. Access to this type of data requires authorization by the owners of the data and the supervisors of those accessing it. The misuse or mishandling of this information, whether intentional or accidental, poses significant risk to our community, both at the individual and institutional level.
Cookie: a small piece of data that a website asks your browser to store and to send back with every later request to that site. Cookies carry state such as login sessions and preferences, and are also used to track your activity across visits. Because a session cookie stands in for your password for as long as it is valid, its Secure, HttpOnly, and SameSite attributes matter: they keep it off plaintext HTTP connections, out of reach of scripts running in the page, and off requests made from other sites.
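As an added example (not from the original glossary), the following Python audits Set-Cookie headers for the attributes described above. The header strings are constructed samples; the attribute rules it checks (Secure, HttpOnly, SameSite, SameSite=None requiring Secure, and the __Host- prefix requiring Secure, Path=/ and no Domain) are the ones browsers enforce, and the finding texts are this example's own wording.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Union


@dataclass
class Cookie:
    name: str
    value: str
    attrs: Dict[str, Union[str, bool]] = field(default_factory=dict)  # attribute name (lower-case) -> value or True for bare flags


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value: 'name=value; Attr; Attr=val; ...'."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Union[str, bool]] = {}
    for p in parts[1:]:
        if not p:
            continue
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip() if v else True
    return Cookie(name.strip(), value, attrs)


def audit(header: str) -> List[str]:
    """Return findings for one Set-Cookie header; an empty list means the cookie is set safely."""
    c = parse_set_cookie(header)
    findings = []
    secure = "secure" in c.attrs
    if not secure:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in c.attrs:
        findings.append("missing HttpOnly: page scripts can read it, so XSS can steal it")
    samesite = c.attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("missing SameSite: sent on cross-site requests (CSRF)")
    elif samesite.lower() == "none" and not secure:
        findings.append("SameSite=None without Secure: browsers reject this cookie")
    if c.name.startswith("__Host-"):
        if not secure or c.attrs.get("path") != "/" or "domain" in c.attrs:
            findings.append("__Host- prefix requires Secure, Path=/ and no Domain attribute")
    return findings


# Constructed sample headers (hypothetical), from weakest to strongest.
SAMPLES = [
    "sessionid=abc123; Path=/; HttpOnly",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "__Host-sid=xyz; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h)
        for f in audit(h) or ["ok"]:
            print("   -", f)
```

HttpOnly is only appropriate for cookies that page scripts never need to read; for a cookie that JavaScript legitimately uses, treat that finding as informational.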
Cryptography: crypt means hidden and graphy means writing. In terms of information security, cryptography is the practice of securing data with mathematical techniques: encrypting it so that only the systems or people holding the right key can read and process it, and also providing integrity checks and digital signatures that detect tampering and prove who sent a message.
Cyber Attack: any attempt to breach a network’s security boundary. An attack may concentrate on intelligence gathering, disrupting company operations, exploiting any weaknesses, monitoring targets, stopping work, harming physical devices on the network, and/or leveraging system resources to enable further attacks against other targets.
Cybersecurity: the practice of protecting networks, devices, programs, and data from criminal or unauthorized access, use, or damage, and the state of being so protected.
Data Breach: an incident in which sensitive, protected, or confidential data is accessed, exposed, or taken by an unauthorized party, whether because an attacker broke into a system or because of accidental exposure such as a misconfigured server or a misdirected email. The data involved is often personal: credit card numbers, bank account numbers, Social Security numbers, and more.
Data Integrity: a concept and process that ensures that an organization’s data is uncorrupted, accurate, complete, consistent, and can only be accessed and modified by authorized users.
Data Loss Prevention (DLP): data loss prevention is the practice of identifying and preventing unsafe or inappropriate sharing, transfer, destruction, or use of an organization’s sensitive or confidential data.
Data Mining: the process of sorting through large data sets to identify patterns and relationships that can help solve business problems through analysis of the data.
Decrypt: Decrypting is the process of converting an encrypted file or message back to its original form, making it readable.
Denial of Service (DoS): a cyber attack in which the cybercriminal seeks to make a device or network resource unavailable to its intended users by temporarily or permanently disrupting services.
Deepfake: audio, video, or images synthesized or altered with machine learning so that a real person convincingly appears to say or do something they never did. The most concerning aspect of deepfakes is that they can easily convince individuals to believe a particular narrative, or to act on a fraudulent request (such as a “voice” of an executive asking for a payment), which can cause harm in the political and financial spheres.
Digital Certificate: an electronic document, signed by a certificate authority, that binds a public key to the identity of a device, user, or server within a public key infrastructure (PKI). Presenting the certificate and proving possession of the matching private key authenticates the holder. Organizations use certificates to ensure that only trusted devices and users connect to their networks, and browsers use them to verify that an HTTPS connection has reached the genuine site.
Digital Forensics: the process of collecting, preserving, and analyzing electronic evidence, in a way that maintains its integrity and chain of custody, to determine what happened during a security incident, who was involved, and how to contain it and prevent a recurrence.
Demilitarized Zone (DMZ): in an information security context, a demilitarized zone is a perimeter network segment that sits between the untrusted internet and an organization’s internal local area network (LAN). Public-facing services such as web and mail servers are placed in the DMZ so that, if one of them is compromised, the attacker does not gain direct access to internal systems; firewalls restrict which traffic may pass between the internet, the DMZ, and the LAN.
Encryption: the process of transforming readable data (plaintext) into unreadable ciphertext using an algorithm and a secret key, so that only someone holding the right key can recover the original. It protects data at rest (on a laptop or disk) and in transit (over a network) from anyone who steals or intercepts it. (Think of it like the code cipher used to send a top-secret coded spy message.)
Exploit: code, a sequence of commands, or specially crafted data that takes advantage of a specific vulnerability to make a system behave in a way its designers did not intend, such as running the attacker’s code or disclosing data. The word is used both as a noun (“the attacker ran an exploit against the unpatched server”) and as a verb (“the attacker exploited the vulnerability”).
FERPA: according to the US Department of Education, the Family Educational Rights and Privacy Act (FERPA) is a federal law that gives parents the right to have access to their children’s education records, the right to seek to have those records amended, and the right to have some control over the disclosure of personally identifiable information from the education records. When a student turns 18 years old or enters a postsecondary institution, regardless of their age, the rights under FERPA transfer from the parents to the student.
Firewall: hardware or software that inspects network traffic and allows or blocks it according to configured rules (for example by source and destination address, port, and protocol), keeping unwanted traffic out of a network or off an individual host. A firewall is only as good as its rule set; overly permissive rules leave systems exposed.
General/Public Data: very basic information such as our names or email addresses. Access to this type of information is virtually risk-free, and there is no threat to individuals or the University if this information is widely accessed or viewed.
GLBA: the Gramm-Leach-Bliley Act (GLBA) requires financial institutions and companies that offer consumers financial services or products including loans, financial or investment advice, or insurance, to explain their information sharing practices to their customers and to safeguard sensitive data. The purpose of this is to protect consumer financial privacy.
Hacker: a person who is skilled in information technology who uses computers and their technical knowledge to gain unauthorized access to data or computer systems they would otherwise not have access to, via non-standard means. The hacker may disrupt services, install viruses or malware, steal or destroy data. Hacking may also be done for ethical reasons including to try to find vulnerabilities in order to fix them, etc.
Hacktivism: combining the words hack and activism, hacktivism is the act of hacking or breaking into a computer system or network for politically or socially motivated purposes, typically with the goal of bringing issues to light and promoting social change, or as a method of harassment and intimidation.
Host: any device with an address on a network, such as a computer, personal electronic device, thin client, server, or multi-function printer, that can send traffic to and receive traffic from other devices on that network.
HTTP: Hypertext Transfer Protocol (HTTP) is the set of rules governing communication and data transfer between a user’s web browser and a website. Plain HTTP carries everything, including passwords and cookies, in cleartext, so anyone on the network path can read or alter it.
HTTPS: Hypertext Transfer Protocol Secure (HTTPS) is HTTP carried over an encrypted TLS connection. TLS encrypts the traffic, detects tampering in transit, and uses the site’s digital certificate so the browser can verify it is talking to the genuine server; the browser shows a padlock only when these checks pass.
Internal Data: information such as our Wake Forest ID numbers, residence halls or office locations, or institutional financial information meant for those within our campus community only. The misuse or mishandling of this information could result in potential damage to individuals and/or the institution.
Internet Service Provider (ISP): an Internet Service Provider (ISP) is a company or organization that provides internet access to its customers or users.
Internet of Things (IoT): The phrase “internet of things” refers to the myriad commonplace items that connect to the internet, and can collect and transfer data without requiring human input. Any device that has an IP address and can share data is considered part of the internet of things, such as computers, mobile phones, smart home devices, CCTV cameras, household appliances, vehicles, and more.
IP Address: IP stands for Internet Protocol. An IP address is a series of numbers allocated to computers, routers, servers, and virtually anything connected to the Internet, including websites. It functions very similarly to a standard address, allowing users to find any system or device on the global network by specifying its location.
Keylogger: software or a hardware device that records what a person types on a device, capturing passwords, messages, and card numbers as they are entered. It is usually installed covertly as malware, and it defeats even strong passwords, which is one reason multi-factor authentication matters.
MAC Address: a Media Access Control (MAC) address is a 48-bit unique identifier, usually written as 12 hexadecimal digits in six colon-separated pairs, assigned to each network interface. It identifies the device on its local network segment. Because a MAC address can be changed in software, it should not be relied on by itself as a security control.
Malicious Code: harmful computer programming scripts that are designed to create or exploit common systems vulnerabilities, including viruses, worms, Trojan horses, spyware, adware, and backdoor programs.
Malware: a combination of “malicious” and “software”, describing a wide variety of bad software used to infect and/or damage a system. Ransomware, worms, viruses, trojans, and spyware are all considered malware. It is commonly delivered through email attachments and links, malicious downloads, and compromised websites.
Multi-factor authentication (aka two-step verification): multi-factor authentication (MFA) makes it much harder for an attacker who has obtained your password to access your account, because you must present two or more different kinds of evidence of your identity: something you know (a password), something you have (a phone, authenticator app, or hardware security key), or something you are (a fingerprint or face scan). Typically, in addition to your password, MFA requires a one-time security code, a fingerprint scan, a facial recognition scan, or a tap on a security key. Codes delivered by text message can be intercepted or phished, so app-based or hardware-key MFA is the stronger choice.
Passphrase: a type of password made of several words, so it is longer than a traditional password yet easier to remember. Passphrases can contain letters, numbers, and symbols, and do not have to be a proper sentence or grammatically correct. Length is what makes a passphrase strong: each additional word adds far more guessing work for an attacker than swapping a letter for a symbol does.
P2PE: Point to Point Encryption (P2PE) is a standard, maintained by the PCI Security Standards Council, under which card data is encrypted inside the payment terminal at the moment the card is read and stays encrypted until it reaches the payment processor’s decryption environment, so the merchant’s systems and network never handle cleartext card data.
PCI: PCI stands for the Payment Card Industry. As it relates to information security, the PCI Data Security Standard (PCI DSS) is a widely accepted set of policies and technical requirements intended to secure credit, debit, and prepaid card transactions and the systems that store, process, or transmit card data, protecting consumers against the misuse of their card information.
Password cracking: the process of recovering passwords from the hashed or otherwise stored form held by a computer system or network resource, typically by guessing candidates (dictionary words, previously leaked passwords, or brute-force combinations) and hashing each one until a match is found. It is used by attackers against stolen password databases and, legitimately, to recover forgotten passwords or to audit password strength.
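To show what “hashing each candidate until a match is found” means in practice, and why the Passphrase entry above stresses length, here is an added example (not from the original glossary) that runs the same small dictionary attack against two ways of storing passwords: unsalted SHA-256, where one table of hashes cracks every account at once, and salted PBKDF2, where every account and candidate costs a full key-derivation run. The wordlist, account names, and passwords are constructed samples.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# Constructed wordlist standing in for a leaked-password dictionary (hypothetical).
WORDLIST = ["password", "123456", "letmein", "qwerty", "Winter2024!", "dragon"]


def sha256_hex(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()


def crack_unsalted(targets: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Dictionary attack on unsalted SHA-256: hash each candidate once, then look every account up.
    Cost is len(wordlist) hashes no matter how many accounts were stolen."""
    table = {sha256_hex(w): w for w in wordlist}
    return {user: table[h] for user, h in targets.items() if h in table}


def pbkdf2_hex(pw: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations).hex()


def store_pbkdf2(pw: str, iterations: int) -> Tuple[bytes, str]:
    """What a system should store: a random per-user salt and a slow, salted hash."""
    salt = os.urandom(16)
    return salt, pbkdf2_hex(pw, salt, iterations)


def verify_pbkdf2(pw: str, salt: bytes, stored: str, iterations: int) -> bool:
    # Constant-time comparison so the check itself does not leak how many bytes matched.
    return hmac.compare_digest(pbkdf2_hex(pw, salt, iterations), stored)


def crack_pbkdf2(targets: Dict[str, Tuple[bytes, str]], wordlist: List[str],
                 iterations: int) -> Tuple[Dict[str, str], int]:
    """With a per-user salt there is no shared table: every (account, candidate) pair is a
    full PBKDF2 run of `iterations` HMAC calls. Returns the recovered passwords and the run count."""
    found, runs = {}, 0
    for user, (salt, stored) in targets.items():
        for w in wordlist:
            runs += 1
            if verify_pbkdf2(w, salt, stored, iterations):
                found[user] = w
                break
    return found, runs


def demo(iterations: int = 100_000):
    # Constructed accounts (hypothetical): alice chose a wordlist password, bob a four-word passphrase.
    plaintexts = {"alice": "Winter2024!", "bob": "correct horse battery staple"}
    unsalted = {u: sha256_hex(p) for u, p in plaintexts.items()}
    salted = {u: store_pbkdf2(p, iterations) for u, p in plaintexts.items()}
    found_unsalted = crack_unsalted(unsalted, WORDLIST)
    found_salted, runs = crack_pbkdf2(salted, WORDLIST, iterations)
    return found_unsalted, found_salted, runs


if __name__ == "__main__":
    found_unsalted, found_salted, runs = demo()
    print("unsalted SHA-256 cracked:", found_unsalted, "after", len(WORDLIST), "hashes total")
    print("salted PBKDF2 cracked:   ", found_salted, "after", runs, "runs x 100000 iterations each")
```

Both storage schemes give up alice’s wordlist password; the salt and the slow hash only raise the attacker’s cost per guess. What actually protects bob is that a four-word passphrase is not in any wordlist and has far too many combinations to brute-force.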
Payment Card Skimmers: payment card skimmers are illegal devices that criminals attach to card readers at ATMs, point of sale terminals at retail stores or restaurants or gas pumps, in order to steal payment card data with the intent of making future fraudulent purchases.
Patch: software and operating system updates that specifically address certain security vulnerabilities within a program or product. In addition to providing enhanced security features, patches may also be used to fix performance bugs.
Phishing: a scam where a hacker poses as a legitimate business or organization (especially credit card companies, banks, charities, Internet providers, other utilities) in order to fool the victim into giving them sensitive personal information or inducing them to click a link or attachment that ends up delivering malware. Some of these schemes are extremely well done, others are sloppy and amateurish and can be spotted with just a little extra vigilance.
Point of Sale (POS): as it relates to information security, point of sale security are standards and measures put in place to create safe environments for consumers to make purchases and complete transactions. These POS measures prevent unauthorized users from accessing electronic payment systems and reduce the risk of credit card information theft or fraud.
Ransomware: a form of malware that hijacks your system and encrypts your files, denying you access to them until you send money to unlock everything. In other words, it kidnaps your computer and holds it for ransom, hence the name.
Risk Assessment: the process of identifying an organization’s assets, the threats to them, and the vulnerabilities those threats could exploit, then estimating the likelihood and impact of each so that security controls can be prioritized and implemented where they reduce the most risk. Application security reviews that look for defects and vulnerabilities in software are one input to a risk assessment.
Risk Management: the process of identifying, assessing, and managing risks to the confidentiality, integrity, and availability of an organization’s assets. Risk management is virtually everything the Information Security team does to manage our cybersecurity risks.
Scareware: a tactic used by cybercriminals intended to scare people into visiting infected or spoofed websites or downloading malware. Scareware is often seen in the form of pop-up ads or spam emails.
Security Information and Event Management (SIEM): an aspect of computer security, where software products and services combine security information management and security event management, providing real time security analysis of security alerts generated by applications and network hardware.
Secure Endpoint: Endpoint security is the practice of securing points of entry of end-user devices such as laptops, desktops, and mobile devices from being exploited. The technical controls implemented for Wake Forest University-managed secure endpoints are antivirus, encryption, backup, and operating system patching.
Smishing: similar to phishing, which happens via email, smishing is the use of text or SMS messaging to attempt to gather personal information such as social security numbers, credit card information, etc.
Social Engineering: instead of breaking in with technical hacking techniques, social engineering manipulates people into granting access to restricted resources, relying on human psychology rather than software flaws. For example, rather than hunting for a weakness in a company system, a social engineer might send an employee an email purporting to be from the IT department in order to deceive them into disclosing private information. Spear phishing attacks are built on a foundation of social engineering.
Spam: irrelevant or inappropriate messages sent via email to a large number of recipients.
Spear Phishing: a more targeted cyber attack than typical phishing. Spear phishing typically involves emails that are personalized to the intended victim, in which the cybercriminal identifies with a cause, impersonates someone the victim knows, or uses some other social engineering method to gain the victim’s trust in order to make them fall for the phishing request.
Spoofing: forging the source of a communication so that it appears to come from a trusted party, for example putting a trusted sender’s address in an email’s From header, forging the source IP address of a network packet, or faking the caller ID of a phone call. Email spoofing is the foundation of many phishing attacks.
Spyware: a form of malware used by hackers to spy on you and your computer activities. If a mobile device such as a smartphone is infected with spyware, a hacker can read your text messages, redirect your phone calls, and even track down where you are physically located.
TCP/IP: Transmission Control Protocol/Internet Protocol (TCP/IP) is the suite of protocols the internet runs on: IP addresses and routes packets between networks, and TCP provides reliable, ordered delivery of data between applications on those hosts. TCP/IP makes it possible for devices connected to the internet to communicate with one another across networks.
Threat Intelligence: data that is collected and analyzed to understand a cybercriminal’s motives, targets, and attack behaviors, enabling us to make faster, more informed, data-backed security decisions.
Trojan Horse: another form of malware, this one a misleading computer program that looks useful or harmless but, once run, gives the attacker access to your system, often through a backdoor, allowing them to control your computer.
Two Factor Authentication: a security method that requires two forms of identification to access a resource or certain data; the two-factor case of multi-factor authentication. Typically two factor authentication requires a password and a second key in order to authenticate. The second key may come in the form of a text message, a backup code, a time-based code from an authentication application, a physical security key, etc.
Virus: malware that attaches itself to legitimate programs or files and, when those are run or opened, copies itself into other programs and spreads to other systems through otherwise benign activity such as sharing files or sending email attachments. Viruses may change, corrupt, or destroy information; in some cases malware has caused physical damage to equipment.
Vishing: short for voice phishing. Similar to phishing and smishing, vishing is the act of attempting to gather personal information, or to talk a victim into an action such as making a payment or installing software, over the phone or another voice call, often with a spoofed caller ID.
VPN: an acronym for Virtual Private Network, a VPN is a method of tunneling a device’s network traffic through an encrypted connection to a VPN server, so that anyone on the local network (such as public Wi-Fi) cannot read it and the sites visited see the VPN’s IP address instead of the user’s. A VPN protects traffic in transit and masks the user’s location, but it is not full anonymity: the VPN provider can see the traffic, and it does not stop phishing or malware.
Vulnerability: as it relates to information security, is a weakness in an information system, application, network, infrastructure, security procedure, internal control, or implementation, that can be exploited or triggered by a threat source.
Worm: malware that copies itself and spreads to other computers across a network on its own, without needing a user to run an infected file, usually by exploiting a vulnerability in a network service. Particularly nasty, worms can simply slow systems down by eating up bandwidth and resources, or carry a payload that installs backdoors or steals data.
Zero Day: a vulnerability in software, hardware, or firmware that is unknown to the vendor, or known but not yet patched, and an attack that exploits such a vulnerability. The term refers to the fact that the vendor has had zero days to fix the flaw: attackers are exploiting it before a patch exists, so signature-based defenses do not yet recognize it.