| Android |
Google's brand name for its mobile operating system. Uses a traditional open-install
model for software; anti-virus is recommended. |
| Anti-virus |
Anti-malware software that usually tries to recognize viruses/malware by looking for files
that look like previously known and analyzed malware files. |
| Bot |
Malware that provides interactive control of your PC to criminals, often for the purpose
of attacking other computers, stealing information or sending spam. From the term
'robot'. |
| Confidential Data |
Educational records and business documents, including faculty/staff email, are considered
Confidential data. University Confidential data must be protected by a unique account password
assigned to each account that has access to the data. See Schedule A for an extensive list of Confidential data fields. |
| Data Breach |
A data breach is a security incident that results in the confirmed disclosure of data to an unauthorized party.1 In addition, security incidents that result in a notice to any parties of potential data exposure, whether notice is legally mandated or voluntary, are also classified
as data breaches. |
| Drive-by Download |
A malware download and install that takes place simply because you use an out-of-date
browser or computer to access a malicious website (or legitimate website with malicious
ads). |
| Guideline |
Recommended actions and operational guides. More general than procedures, and optional,
in contrast to standards. |
| HIPAA |
The Health Insurance Portability and Accountability Act of 1996 is a federal law that
requires the creation of national standards to protect patient health information
from being disclosed. |
| HIPAA Privacy Officer |
The HIPAA Privacy Officer conducts risk assessments and staff training, manages
Business Associate Agreements, and will also be responsible for establishing, managing,
and enforcing HIPAA-compliant policies and procedures to protect patient health information
(PHI) in whatever format it is maintained. |
| HIPAA Security Officer |
The HIPAA Security Rule stipulates that the person designated the role of HIPAA Security
Officer must implement policies and procedures to prevent, detect, contain, and correct
breaches of ePHI (electronic format patient health information). |
| iOS |
Apple's brand name for its mobile operating system. Uses a "walled garden" security
model; "jailbreaking" iOS devices removes this security. |
| Java |
Programming language and mini-operating system; used on most personal computers and
some mobile devices. |
| MFA |
Multi-factor authentication (MFA) is confirmation of identity by two or more independent
verification factors. Pepperdine's logon MFA requires the NetworkID password and another
factor such as a passcode or app notification response managed through SecureConnect
powered by DUO. |
| Malware |
Any malicious software designed to operate on your computer without your consent. |
| Phishing |
A messaging technique for attempting to induce action or disclosure, through a fraudulent
solicitation in which the perpetrator masquerades as a legitimate business or reputable
person.2 |
| PII |
Personally Identifiable Information is any representation of information that permits
the identity of an individual to whom the information applies to be reasonably inferred
by either direct or indirect means2. |
| PIN |
Personal Identification Number, used like a password, but weaker |
| Policy |
An organization-wide statement produced by senior management, or the appropriate policy
board or committee, that dictates organizational goals for specific scopes, e.g., information
security. |
| Procedure |
Detailed step-by-step instructions to achieve a certain task. More specific than
guidelines and policies. |
| Ransomware |
A malware that locks data files, often after stealing copies of them. It then presents
a ransom demand to unlock the files and/or prevent disclosure of their data. Recovery
can require all computers and network to be offline until cleaned. |
| RESTRICTED Data |
Data which, if disclosed to unauthorized parties, results in legally or contractually
required costs or fines, is considered RESTRICTED data. Examples of RESTRICTED data
include Social Security & Credit Card numbers, as well as Health Records. University
RESTRICTED data must be protected by encryption when stored or transmitted. See Schedule A for a detailed list of RESTRICTED data fields. |
| Security Event |
Reconnaissance or attacks made against Pepperdine networks, systems or data. |
| Security Incident |
A security event that successfully compromises the integrity, confidentiality or availability
of an information asset.1 ISO security incidents which result in confirmed or suspected unauthorized access
to student or University data are classified differently; see "Data Breach" above. |
| Sensitive Data |
A vague catchall term for non-public data, though sometimes applied colloquially at
Pepperdine for public data, such as email address, CWID and birth date. Please check
with the classification policy schedules to apply the correct controls to Confidential and RESTRICTED data for Pepperdine use. |
| Spam |
Electronic junk mail or the abuse of electronic messaging systems to indiscriminately
send unsolicited commercial or bulk messages.2 |
| Standard |
A mandatory technology, result or procedure to be applied in all appropriate situations. |
| Trojan |
Malware that spreads because you install or download it for certain legitimate functions,
but it carries out hidden, harmful functions - for example, stealing information.
AKA Trojan Horse. |
| Updates |
Software patches to close security holes and fix bugs in software. |
| Virus |
Malware that spreads by copying itself into files; as the files spread, so does the
virus. |
| Vishing |
An unexpected call or voice chat, typically purporting to be from an unknown technician,
asking you to take actions or provide access to your computer or device. |
| Worm |
Malware that spreads by copying itself across the network to other computers. |