10. Common Technical and Legal Terms — A Glossary

The terms can be confusing. The following glossary may help you understand some of the legal, technical, and industry terms that are often used when discussing data security.

Many, but not all, of the terms and definitions listed below were compiled by the FTC.

| Term | Explanation |
| --- | --- |
| Adware | A type of software that often comes with free downloads. Some adware displays ads on your computer, while some monitors your computer use (including websites visited) and displays targeted ads based on your use. |
| Anti-virus software | Software that protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or even allow spammers to send email through your account. |
| Bookmark | A web browser feature that allows you to save the addresses of interesting or frequently used websites, so that you can readily revisit them. |
| Broadband | A number of different methods used for high speed Internet access such as DSL, cable modems, fiber optics, and mobile wireless, all of which are permanently connected to the Internet through different means. |
| Browser hijacker | A common spyware program that changes your web browser's home page without your knowledge, even if you change it back. |
| Cache | A form of computer memory that allows you to quickly access stored information, such as web addresses you've recently typed into your browser. Pronounced "cash." |
| Cookies | A small text file that a website can place on your computer's hard drive to collect information about your activities on the site or to allow the site to remember information about you and your activities. |
| Data security incident | A situation in which you believe that electronic data that contains personal information (see definition) may have been improperly accessed or acquired. |
| Domain | A segment of Internet space, denoted by the function or type of information it includes; current domains include ".com" for commercial sites, ".gov" for governmental ones, and ".org" for non-commercial organizations. |
| Drive-by download | Software that installs on your computer without your knowledge when you visit certain websites. To avoid drive-by downloads, make sure to update your operating system and web browser regularly. |
| DSL | Digital Subscriber Line: A type of high speed Internet using standard phone lines and the local telephone network. DSL is almost always slower than cable modem or fiber optics. |
| Encryption | The scrambling of data into a secret code that can be read only by software set to decode the information. |
| Endpoint | Any computer desktop, laptop, or server. |
| Extended Service Set Identifier (ESSID) | The name a manufacturer assigns to a router. It may be a standard, default name assigned by the manufacturer to all hardware of that model. Users can improve security by changing to a unique name. Similar to a Service Set Identifier (SSID). |
| Filter | Software that screens information on the Internet, classifies its content, and allows the user to block certain kinds of content. |
| Firewall | Hardware or software that helps keep hackers from using your computer to send out your personal information without your permission. Firewalls watch for outside attempts to access your system and block communications to and from sources you don't permit. |
| FTC | The Federal Trade Commission. See www.ftc.gov. |
| GLBA | The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act. Pub. L. 106-102, codified at 15 U.S.C. §§ 6801-6809 and §§ 6821-6827 as amended. A full copy of the Act is available at http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf |
| Hacker | Someone who uses computers and the Internet to access other people's computers without permission. |
| Hardware | The mechanical parts of a computer system, including the central processing unit (CPU), monitor, keyboard, and mouse, as well as other equipment like printers and speakers. |
| HIPAA | The Health Insurance Portability and Accountability Act. Pub. L. 104-191, 110 Stat. 1936, codified at 29 U.S.C. §§ 1181, 1320, 1395. A full copy of the Act is available at www.cms.hhs.gov/HIPAAGenInfo/Downloads |
| HTTP (Hypertext Transfer Protocol) | The standard language that computers connected to the World Wide Web use to communicate with each other. |
| Internet Protocol (IP) | The computer language that allows computer programs to communicate over the Internet. |
| IP address | A computer's "address," consisting of a series of numbers separated by periods. |
| Keystroke logger | A device or program that records each keystroke typed on a particular computer. |
| LAN (Local Area Network) | A network of connected computers that are generally located near each other, such as in an office or company. |
| Malware | A combination of the terms "malicious" and "software," used to describe any software designed to 'infect' a single computer, server, or computer network. Malware includes malicious software, such as viruses, Trojans, key loggers, spyware, etc. — programs used to steal sensitive data. Once in your computer, they can steal information, send spam, and commit fraud. |
| Media Access Control (MAC) address | A unique number that the manufacturer assigns to each computer or other device in a network. |
| Monitoring software | Programs that allow a parent or caregiver to monitor the websites a child visits or email messages he or she reads, without blocking access. |
| Network | A group of two or more computers that are able to communicate with one another. |
| Online banking credentials | The unique identification used by consumers when they are accessing systems that transmit financial data. These credentials often include, but are not limited to, a username, password, smart card, token, or a biometric. |
| Online profiling | Compiling information about consumers' preferences and interests by tracking their online movements and actions in order to create targeted ads. |
| Operating system | The main program that runs on a computer. An operating system allows other software to run and prevents unauthorized users from accessing the system. Major operating systems include UNIX, Windows, MacOS, and Linux. |
| P2P, peer-to-peer | A method of sharing files, usually music, games, or software, with other users through a sharing program that allows uploading and downloading files from other users online. Caution should be used — P2P files are often misrepresented and can contain offensive material, malware, viruses, or other unintended items. |
| PCI | The term "PCI" stands for Payment Card Industry. |
| PCI Data Security Standard | This refers to a data security standard promulgated by members of the payment card industry. Additional information about the PCI Data Security Standard can be found at www.pcisecuritystandards.org. |
| Personal digital assistant (PDA) | A handheld device that combines various forms of traditional computer and telecommunications products. Common examples are BlackBerry phones, iPhones, and other smartphones. |
| Personal information or Personally Identifiable Information (PII) | Information that can identify you, like your bank and credit card account numbers; your Social Security number (SSN); or your name, address, phone numbers, email addresses, or date of birth. |
| Phishing | A scam that involves Internet fraudsters who send spam or pop-up messages through email or social media to lure personal information (credit card numbers, bank account information, Social Security numbers, passwords, or other sensitive information) from unsuspecting victims. |
| RAM | Shorthand for "Random Access Memory," it's the hardware inside your computer that retains memory on a short-term basis and stores information while you work. |
| Router | A device that connects two or more networks. A router finds the best path for forwarding information across the networks. |
| Secure Socket Layer (SSL) | A protocol developed for transmitting private documents via the Internet. |
| Sock puppet | A secret alias used by a member of an Internet community, but not acknowledged by that person. |
| Software | A computer program with instructions that enable the computer hardware to work. System software — such as Windows or MacOS — operates the machine itself, and applications software — such as spreadsheet or word processing programs — provides specific functionality. |
| Spam | Unsolicited commercial email, often sent in bulk quantities. |
| Spam zombies | Home computers that have been taken over by spammers without the consent or knowledge of the computer owner. The computers are then used to send spam in a way that hides the true origin. |
| Spammer | Someone who sends unsolicited commercial email, often in bulk quantities. |
| Spyware | A software program that may be installed on your computer without your consent to monitor your use, send pop-up ads, redirect your computer to certain websites, or record keystrokes, which could lead to identity theft. |
| Trojans | Programs that, when installed on your computer, enable unauthorized people to access it and sometimes to send spam from it. |
| Universal Serial Bus (USB) | A connection standard that allows data to be transferred between a computer and a peripheral device such as a mouse, a keyboard, or an external hard drive. The USB port has largely replaced the serial port and the parallel port found on older products. |
| Virus | A program that can sneak onto your computer — often through an email attachment — and then make copies of itself, quickly using up all available memory. |
| Wi-Fi protected access (WPA) | A security protocol developed to fix flaws in WEP. Encrypts data sent to and from wireless devices within a network. |
| Wired equivalent privacy (WEP) | A security protocol that encrypts data sent to and from wireless devices within a network. Not as strong as WPA encryption. |
| Wireless network | A method of accessing high speed Internet without the computer being linked by cables. |
| Worm | A program that reproduces itself over a network and can use up your computer's resources and possibly shut your system down. |

Only 28% of small businesses provide training to employees about Internet safety and security.

Source: 2012 National Small Business Study, National Cyber Security Alliance, Symantec, & JZ Analytics.

Other Abbreviations

ACH = Automated Clearing House (electronic network for financial transactions)
BBB = Better Business Bureau (bbb.org)
CVC/CVV = card verification code or card verification value (additional security code on a credit or debit card)
DSL = digital subscriber line (a type of high-speed Internet access)
DSS = data security standard
FAQ = frequently asked questions
FTP = file transfer protocol (how data is shared on the Internet)
FTPS = file transfer protocol over a secure connection
IT = information technology
PCI = payment card industry
SQL = structured query language (a programming language for managing data)
SSL = secure sockets layer (a secure connection on the Internet)
VSP = validated service provider