
Information Security Glossary

Word Definition
Android Google's brand name for its mobile operating system.  Uses a traditional open-install model for software; anti-virus is recommended.
Anti-virus Anti-malware software that usually tries to recognize viruses/malware by looking for files that resemble previously known and analyzed malware files.
Bot Malware that provides interactive control of your PC to criminals, often for the purpose of attacking other computers, stealing information or sending spam.  From the term 'robot'.
Confidential Data Educational records and business documents, including faculty/staff email, are considered Confidential data.  University Confidential data must be protected by a unique account password assigned to each account that has access to the data. See Schedule A for an extensive list of Confidential data fields.
Data Breach A data breach is a security incident that results in the confirmed disclosure of data to an unauthorized party. [1] In addition, security incidents that result in a notice to any parties of potential data exposure, whether notice is legally mandated or voluntary, are also classified as data breaches.
Drive-by Download A malware download and install that takes place simply because you use an out-of-date browser or computer to access a malicious website (or legitimate website with malicious ads).
Guideline Recommended actions and operational guides.  More general than procedures, and optional, in contrast to standards.
HIPAA The Health Insurance Portability and Accountability Act of 1996 is a federal law that requires the creation of national standards to protect patient health information from being disclosed.
HIPAA Privacy Officer The HIPAA Privacy Officer conducts risk assessments and staff training, manages Business Associate Agreements, and is also responsible for establishing, managing, and enforcing HIPAA-compliant policies and procedures to protect patient health information (PHI) in whatever format it is maintained.
HIPAA Security Officer The HIPAA Security Rule stipulates the person designated the role of HIPAA Security Officer must implement policies and procedures to prevent, detect, contain, and correct breaches of ePHI (electronic format patient health information).
iOS Apple's brand name for its mobile operating system.  Uses a "walled garden" security model; "jailbreaking" iOS devices removes this security.
Java Programming language and mini-operating system; used on most personal computers and some mobile devices.
MFA Multi-factor authentication (MFA) is confirmation of identity by two or more independent verification factors. Pepperdine's logon MFA requires the NetworkID password and another factor such as a passcode or app notification response managed through SecureConnect powered by DUO.
Malware Any malicious software designed to operate on your computer without your consent.
Phishing A messaging technique for attempting to induce action or disclosure, through a fraudulent solicitation in which the perpetrator masquerades as a legitimate business or reputable person. [2]
PII Personally Identifiable Information is any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. [2]
PIN Personal Identification Number, used like a password, but weaker.
Policy An organization-wide statement produced by senior management, or the appropriate policy board or committee, that dictates organizational goals for specific scopes, e.g., information security.
Procedure Detailed step-by-step instructions to achieve a certain task.  More specific than guidelines and policies.
Ransomware Malware that locks data files, often after stealing copies of them. It then presents a ransom demand to unlock the files and/or prevent disclosure of the data. Recovery can require all computers and the network to be offline until cleaned.
RESTRICTED Data Data, which if disclosed to unauthorized parties results in legally or contractually required costs or fines, is considered RESTRICTED data.   Examples of RESTRICTED data include Social Security & Credit Card numbers, as well as Health Records.  University RESTRICTED data must be protected by encryption when stored or transmitted. See Schedule A for a detailed list of RESTRICTED data fields.
Security Event Reconnaissance or attacks made against Pepperdine networks, systems or data.
Security Incident A security event that successfully compromises the integrity, confidentiality or availability of an information asset. [1] ISO security incidents which result in confirmed or suspected unauthorized access to student or University data are classified differently; see "Data Breach" above.
Sensitive Data A vague catchall term for non-public data, though sometimes applied colloquially at Pepperdine for public data, such as email address, CWID and birth date. Please check with the classification policy schedules to apply the correct controls to Confidential and RESTRICTED data for Pepperdine use.
Spam Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited commercial or bulk messages. [2]
Standard A mandatory technology, result or procedure to be applied in all appropriate situations.
Trojan Malware that spreads because you install or download it for certain legitimate functions, but it carries out hidden, harmful functions - for example, stealing information. AKA Trojan Horse.
Updates Software patches to close security holes and fix bugs in software.
Virus Malware that spreads by copying itself into files; as the files spread, so does the virus.
Vishing An unexpected call or voice chat, typically purporting to be from an unknown technician, asking you to take actions or provide access to your computer or device.
Worm Malware that spreads by copying itself across the network to other computers.

References

  • [1] Verizon Data Breach Information Report, 2022
  • [2] Adapted from NIST Glossary, https://csrc.nist.gov/glossary
  • The Sophos Group. Threatsaurus. Self-Published, 2009.
  • Harris, Shon. CISSP Exam Guide. McGraw-Hill/Osborne. 3rd Ed. 2005.

 

 
