Glossary of computer security terms
A-Z site index
A glossary of the many jargon words, slang terms, and computing acronyms that plague computer security.
Also see the main ITS site A-Z list for a complete index of the whole ITS web site.
- Data security classification levels
- 1-Lock data defined
- 1-Lock data is low-risk routine Yale business and academic content that contains no personally identifiable, medical, or financial information, and contains nothing that might adversely impact Yale’s reputation.
- 2-Lock data defined
- 2-Lock data is medium-risk data: University proprietary or confidential data, faculty intellectual property, or data that might have an adverse effect on Yale’s internal or external reputation if the data were lost or stolen and misused.
- 3-Lock data defined
- 3-Lock data is high-risk data that is covered by Federal or state mandates and reporting requirements, or other highly sensitive types of Yale data.
A
- Adware
- Adware programs facilitate delivery of advertising content to the user through their own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location (thus certain adware can also be spyware).
- Access to Yale applications and email
- Securely accessing your Yale applications and email while traveling.
- Administrative safeguards
- Administrative actions and policies and procedures that:
- Manage the selection, development, implementation, and maintenance of security measures
- Protect ePHI and manage the conduct of the Covered Component's workforce in relation to the protection of ePHI.
- Antivirus software
- Prevents problems from computer viruses and Trojan horses, and blocks various spyware and malware applications.
- Apple Macintosh
- System updates and security for Macintosh OS X.
- Application administrator
- A Systems Authority may designate another person to manage an information technology system assigned to the Systems Authority. These administrators provide the technology and processes to implement the decisions of the Systems Authority and are responsible for the technical operation, maintenance, and monitoring of the information technology system. The duties of these administrators may include implementing appropriate technical and non-technical information security measures (for example, physical, administrative, and technical safeguards).
- Appropriate use policy
- A policy that governs the appropriate use of computers and computing devices (for example, PDAs).
- Availability
- The ability of an information technology service to perform its function as required. Availability is determined by reliability, maintainability, serviceability, performance and security. Availability is usually calculated as a percentage. This calculation is often based on Agreed Service Time and Downtime. It is Best Practice to calculate Availability using measurements of the Business output of the IT Service. Ensuring timely and reliable access to and use of information.
B
- Browser hijacker
- Browser hijacker (sometimes called hijackware) is a malware program that alters your computer's browser settings, so that you are redirected to Web sites that you had no intention of visiting. Home page hijackers can force you to view a particular web page, either to increase their hit count or to increase viewing of display ads.
- Backups, network backup service
- Yale's centralized and automated network backup service for all desktop and laptop computers at Yale.
C
- Certifying authority
- The System administrator or other University authority that certifies the appropriateness of an official University document for electronic publication in the course of University business.
- Classes*v2, for secure collaboration and file sharing
- Yale's course management system can also be used to support secure group collaboration and file sharing.
- Collaboration tools at Yale
- SharePoint and Classes*v2 collaboration and file sharing
- Compliance regulations, State and Federal
- Regulations governing data security for personal financial & health information.
- Confidentiality
- Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
- Contingency plan (CP)
- A plan that is maintained for emergency response, backup operations, and return to normal operations. The purpose of the plan is to ensure availability of critical resources and facilitate the continuity of operations in an emergency. The plan includes procedures for performing backups, preparing critical facilities that can be used to facilitate continuity of critical operations in the event of an emergency, and returning to normal operations.
- Credit card information, and data security
- Regulations governing data security for personal financial information.
D
- Data breach
- A loss of sensitive or legally protected data, due to physical theft or accidental loss of computing hardware like laptops, or through criminal hacking and compromise of online data.
- Data, classification levels at Yale
- Yale's secure data classification levels explained.
- Data encryption
- Data encryption methods and policies at Yale.
- Data, protecting
- Data scanning
- Data scanning, frequently asked questions
- Data steward
- Data stewards are University representatives (for example, faculty, staff, researchers) who are responsible for managing administrative or research data. A Data Steward acts as the primary contact for issues related to the data for which the data steward is responsible. The Data Steward controls access to the system by managing and enforcing consistent access policies, and administers the data in the appropriate information system.
- Data storage devices (external hard disks, flash drives, etc.), security for
- Data use agreement
- An agreement between a covered entity (a holder of PHI) and the recipient of the PHI (such as a research investigator) in which the covered entity discloses a limited data set for purposes of research, public health or healthcare operations in accordance with Policy 5039. Data use agreements are required to restrict the use of the PHI in the limited data set to a specified purpose, to safeguard the PHI, and to assure that the individuals whose PHI is included in the limited data set will not be identified by the recipient.
- Database administrator
- A Systems Authority may designate another person to manage an information technology system assigned to the Systems Authority. These administrators provide the technology and processes to implement the decisions of the Systems Authority and are responsible for the technical operation, maintenance, and monitoring of the information technology system. The duties of these administrators may include implementing appropriate technical and non-technical information security measures (for example, physical, administrative, and technical safeguards).
- De-identified data
- Health information that does not identify an individual, and for which there is no reasonable basis to believe that the information can be used to identify an individual, is de-identified. Health information is considered de-identified if one of the following is true:
1. the information is stripped of all of the direct identifiers defined under HIPAA
2. an expert in statistical and scientific method determines that there is a very small risk that the information could be used alone or in combination with other information to identify an individual.
See Policy 5039.
HIPAA does not apply to de-identified data.
- Desktop computers, physical security for
- Devices, information security for
- DHHS
- US Department of Health and Human Services
- Disposal, secure workstation and device disposal or repurposing
- Methods for the secure repurposing or disposal of computers.
- Disaster recovery plan
- The part of a Contingency Plan that documents the process to restore any loss of data and to recover computer systems if a disaster (for example, fire, vandalism, natural disaster, system failure) occurs. The document defines the resources, actions, tasks and data required to manage the disaster recovery process in the event of a business interruption. The plan is designed to assist in restoring the business process to attain the stated disaster recovery goals.
- DMCA (Digital Millennium Copyright Act), and file sharing
E
- Electronic media, reporting stolen or lost
- Electronic Protected Health Information (ePHI)
- Protected health information in electronic form.
- Email, remote access to
- Email, secure computing, and privacy
- Emergency mode operation (EMO) plan
- A subset of a contingency plan that documents processes that support continued operation in case of an emergency. Emergency mode operations documentation includes emergency management/crisis management guidelines and procedures to maintain the integrity, availability and confidentiality of protected health information.
- Encryption, of data
- End-to-end encryption
- The encryption of information at its origin and decryption at its intended destination without any intermediate decryption. The University recommended method for encrypting data (for example, in email, files, documents, and disks) stored on Yale University-owned computer systems is PGP (Pretty Good Privacy) software.
F
- FERPA
- FERPA (Family Educational Rights and Privacy Act of 1974, also known as the "Buckley Amendment") is a Federal law that sets certain restrictions and privacy protections on the disclosure of personal information from records kept by Universities like Yale that participate in Federal student financial assistance programs.
- File Transfer Facility
- A secure way to send and share files that are too large for email enclosures, or which need additional security.
- Financial information
- Personally identifiable financial information, State and Federal reporting mandates
- Firewall, hardware
- A hardware firewall is a dedicated networking appliance that inspects network traffic passing through it, and permits or denies passage of various kinds of network data, based on a set of rules.
- Firewall, software, or personal firewall
- A software or personal firewall is an application built into current operating systems that controls network traffic to and from a single computer, permitting or denying communications based on a security policy set by the computer user.
- FISMA
- The Federal Information Security Management Act. The FISMA Implementation Project was established during early 2003 to develop a range of security guidelines and standards as required by Congressional legislation. The FISMA project aims to create minimum security standards for information and information systems, and assessment guidelines for information security control systems and guidelines for identifying the effectiveness of such security control measures.
G
H
- Help, finding computing support providers
- Help, getting technology help at Yale
- Help, ITS Help Desk, 203-432-9000
- Anyone at Yale can call the ITS Help Desk. We can get you connected with the support you need. If you are a student, please see our student support listing.
- Help, reporting an information security incident
- Help, reporting lost or stolen computing devices
- HIC
- Human Investigation Committee. The HIC helps support the research enterprise through the implementation and monitoring of federal regulations and University policy.
- HIPAA
- The Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and confidentiality of all individually identifiable health and medical records, which must be kept strictly confidential, and must always be stored and transmitted as highly confidential University 3-Lock Data.
- Hoaxes
- Hoaxes are almost always sent by email and are similar to chain letters. If you suspect that a warning email you receive might be a hoax you can check to see if it is legitimate by using the Symantec hoax encyclopedia.
- Home, computing and security
- Home wireless networks
- Security and configuration advice for home wireless networks.
- Hybrid entity
- A single legal entity, such as Yale, that is a covered entity whose business activities include both covered and non-covered functions.
I
- Identity theft, defined
- Identity theft, prevention
- Incident, report an information security incident
- Information
- An instance of an information type.
- Information resources
- Information and related resources, such as personnel, equipment, funds, and information technology.
- Information security
- The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
- Information Security Office (ISO)
- The Yale University Information Security Office
- Information system
- A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
- Information technology
- All forms of technology used to create, store, exchange and utilize information in its various forms including business data, conversations, images, motion pictures and multimedia presentations.
- Information type
- A specific category of information (for example, privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization, or in some instances, by a specific law, executive order, directive, policy, or regulation.
- Integrity
- The assurance that the data being accessed or read has not been tampered with or modified improperly. Integrity includes ensuring information non-repudiation and authenticity.
- ITIL
- The Information Technology Infrastructure Library (ITIL) is a framework of best practice approaches intended to facilitate the delivery of high quality information technology (IT) services. ITIL outlines an extensive set of management procedures that support organizations in achieving high financial quality and value in IT operations.
- IT security incident
- Any activity that harms or represents a serious threat to the whole or part of Yale's computer, telephone and network-based resources such that there is an absence of service or inhibition of functioning systems. Activities include: unauthorized changes to hardware, firmware, software or data; unauthorized exposure, change or deletion of PHI; or a crime or natural disaster that destroys access to or control of these resources.
Routine detection and remediation of a virus, malware or similar issue that has little impact on the day-to-day business of the University is not considered an Incident under this policy.
- ITS File Transfer Facility
- A secure way to send and share files that are too large for email enclosures, or which need additional security.
J
K
L
M
- Macintosh, system updates and security
- Maintainability
- The ability of an information technology service, under stated conditions of use, to be retained in, or restored to, a state in which it can perform its required functions. Maintainability also describes the maintenance being performed under stated conditions and using prescribed procedures and resources.
- Malware
- "Malware" is a generic term used to describe any program or file that is harmful to a computer.
- Managed Workstation Program
- Yale's managed workstation program standardizes and better manages the computing hardware we use, which will provide more secure, cost-effective, and reliable computing solutions.
- Messages from Yale, how to identify legitimate messages
- How to be sure that a message is actually from the Yale administration and not a hoax.
- Microsoft Windows operating systems, updating
- Minimum necessary
- The reasonable efforts made to limit use, disclosure, or requests for PHI to the minimum necessary to accomplish the intended purpose. See Policy 5037.
- Medical information, personally identifiable information protected by HIPAA
- The Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and confidentiality of all individually identifiable health and medical records, which must be kept strictly confidential, and must always be stored and transmitted as highly confidential University 3-Lock Data.
- Multifunctional Device (MFD) (printer/photocopier/fax/scanner)
- A Multifunctional Device (MFD) is an office machine which incorporates the functionality of multiple devices in one.
N
- NetID, and computing security
- The unique user identification assigned to current members of the Yale community. The NetID and associated password allow access to resources. The NetID is not secret, but the NetID password is secret, and it is very important that NetID passwords be protected.
- Network backup service
- Yale's automated network-based backup service for all desktop and laptop computers.
- Non-repudiation
- A security service by which evidence is maintained so that the sender of data and recipient of data cannot deny having participated in the communication.
O
- OCR
- The Office of Civil Rights is the branch of the DHHS that is responsible for federal oversight of the privacy regulations.
P
- P2P (peer-to-peer) software
- Avoiding the confidentiality dangers and legal risks of using P2P file-sharing software on your computers.
- Passwords, and security
- Passwords, confidentiality
- Passwords, creating strong passwords
- Yale's policy guidelines for strong passwords, in PDF format.
- Patches, system. See Updating your operating system.
- PFI
- Personal financial data, a highly confidential form of Yale 3-Lock data.
- PHI
- Protected health information, as defined in Yale HIPAA policies.
- Phishing
- "Phishing" is when the sender of an email tries to trick recipients into volunteering personal or credential-related information.
- Physical safeguards
- Measures, policies, and procedures to physically protect the Covered Component's systems and related buildings and equipment that contain ePHI from natural and environmental hazards and unauthorized intrusion.
- Policies & Procedures, Yale, on computing security
- Yale's security and information technology policies & procedures
- Principles for data security
- Privacy, guarding your
Q
R
- Reliability
- The ability of an information technology service to perform a required function under stated conditions for a stated period of time.
- Remote access to Yale applications and email
- Access to Yale email and applications, from home, or while traveling.
- Report an information security incident
- How to report an information security incident, or the loss or theft of a Yale computing device or smartphone.
- RIAA
- Recording Industry Association of America, and legal actions against people who use peer-to-peer file sharing software.
- Risk analysis
- A documented assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI, and an estimation of the security measures sufficient to reduce the risks and vulnerabilities to a reasonable and appropriate level. Risk analysis involves determining what requires protection, what it should be protected from, and how to provide protection.
S
- Secure data removal service
- A component of the secure workstation disposal process.
- Secure workstation and device disposal or repurposing
- How to securely repurpose or dispose of Yale computing equipment, assuring that no confidential Yale data is placed at risk.
- Security
- The process of ensuring that services are used in an appropriate way by the appropriate people.
- Security category
- The characterization of information or an information system based on an assessment (accomplished by performing a risk assessment or business impact analysis) of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals.
- Security controls
- The management, operational, and technical controls (for example, safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.
- Security objective
- A statement of intent to counter threats to confidentiality, integrity, or availability.
- Self-scanning, see Data scanning
- The annual process of scanning your computer for the potential presence of highly confidential and legally protected data such as personal financial or personal medical information.
- Sending Yale data securely
- Serviceability
- The contractual conditions with a supplier covering the availability of, and the conditions under which the contractual conditions are valid for, an information technology system.
- SharePoint, for secure collaboration and file sharing
- How to use Yale's SharePoint collaboration support to securely share files and messages with Yale colleagues.
- Sharing data with Yale colleagues or collaborators
- Smartphones, physical security
- Social Security numbers
- A highly confidential form of Yale 3-Lock data.
- Specific authorization
- The documented permission provided by the applicable Systems Administrator.
- Spyware
- Spyware programs can scan systems or monitor activity and relay information to other computers or locations. Among the information that may be actively or passively gathered and disseminated by Spyware: passwords, log-in details, account numbers, personal information, individual files or other personal documents.
- SSL/TLS security standards for the web and email
- SSL (Secure Socket Layer) is a widely-used form of data encryption for email communications and secure web pages.
- Storage, secure file storage options
- Secure Yale centralized file storage services for confidential or sensitive Yale data.
- System
- Any electronic computing or communications device or the applications running thereon which can create, access, transmit or receive data. Systems are typically connected to digital networks. Examples of Systems include:
- A computer system whether or not connected to a data network
- A database application used by an individual or a set of clients
- A computer system used to connect over a network to another computer system
- An analog or digital voice mail system
- Data network segments including wireless data networks
- Portable digital assistants
- System administrator
- The technical custodian of a System. This individual provides the technology and processes to implement the decisions of the System Owner. In some circumstances, for example, in small systems, typically Basic ePHI Systems, the System Administrator and the System Owner may be the same person. System Administrators are responsible for the technical operation, maintenance, and monitoring of the System. These duties include implementing appropriate technical, physical and administrative safeguards.
- Systems authority
- While Yale University is the legal owner or operator of all IT Systems, it may delegate oversight of particular systems to the heads of University subdivisions, departments, or offices, or to individual faculty members. A person to whom the University has delegated this responsibility is a Systems Authority. While a Systems Authority may delegate his or her obligations to other individuals, the Systems Authority remains accountable for adequately discharging those obligations.
- System owner
- The authority, individual, or organization head who has final responsibility for Systems which create, access, transmit or receive ePHI and including responsibility for the ePHI data. In some complex Systems, the functional responsibility for the System and the responsibility for the data may lie with more than one individual. Decisions regarding who has access to the System and related ePHI data and responsibility for the Risk Analysis rest solely with the System Owner. The System Owner usually delegates responsibility for the technical management of a System to a qualified System Administrator or staff who are capable of implementing appropriate technical, physical and administrative safeguards.
T
- Technical safeguards
- The technology, and the policy and procedures for use of technology, that protect electronic protected health information and control access to the information.
- Telecommuting
- The process of using telecommunications technology to replace traditional forms of commuting. Telecommuter Employees work all or part of the time outside the traditional office at remote work locations, which may include the home.
- Trojans, Trojan horses
- Trojan horses are a form of malware that claims to be something desirable but is, in fact, malicious. A very important distinction between Trojan programs and true viruses is that Trojans do not replicate themselves. Trojans contain malicious code that, when triggered, causes loss, or even theft, of data.
- Theft, reporting stolen computing equipment
- How to report lost or stolen computing equipment.
- Theft, identity
- Traveling, and computer security
U
- University information
- Any electronic information that is created, accessed, or stored on an information system, or is transmitted or received by University faculty, students, staff, and other individuals in the course of their association with the University, except for information that is defined by the University’s intellectual property policies as the property of the employee (see Yale Patent Policy, and Yale Copyright Policy).
- URLs, how to spot a fake or misleading URL
- How to tell a real URL from a fake URL that might be used in phishing or other identity theft crimes.
V
- VA, Veterans Affairs, data security for
- Security and confidentiality requirements for all VA research and clinical data.
- VPN, virtual private network
- A core information security technology that everyone should have installed on home computers, laptops, or smartphones, to enable secure connections to the Yale network and computing systems while you are away from the local Yale campus network.
- Virus
- A computer virus is a small program designed to alter the way a computer operates, without the permission or knowledge of the user. A virus generally has two characteristic features: 1. A virus will execute itself. It will often place its own code in the path of execution of another program. 2. A virus will replicate itself. For example, it may replace other executable files with a copy of the virus infected file. Viruses can infect desktop computers and network servers alike.
W
- Worms
- Worms are a form of malware that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so this propagates the worm.
- Web, safe web use
- Web, how to spot fake URLs
- False or misleading web URL addresses are increasingly common. How to spot a fake web site masquerading as a legitimate site.
- Web, identifying secure web pages
- How to identify a secure web page when you are using the web for confidential communications, webmail, or online commerce.
- Webmail, access to Yale's Webmail systems
- Windows operating systems, updating
- Wireless networks, at home
- How to set up a secure wireless network in your home.
- Wireless security, Medical Campus
- Workstations, secure disposal of
Y
- Yale Policies and Procedures, on computing security
- Yale's Policies and Procedures that relate to information technology and secure computing.
- YaleConnect
- Yale's Exchange-based email system.
