Glossary

aggregated data

Refers to data that has been scrubbed of any personally or entity identifiable information and then generally combined with similar information from other parties.

anonymization

The process of deidentifying personally identifiable information such that no code or other association for reidentification exists.

audit trail

An automatic feature of computer operating systems or certain programs that creates a record of transactions relating to a file, piece of data, or particular user.

authentication

Verification of the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

backups

Duplicate copies of data, generally stored at an off-site, secure facility.

Big Data

A process to deliver decision-making insights. The process uses people and technology to quickly analyze large amounts of data of different types (traditional table structured data and unstructured data, such as pictures, video, email, and Tweets) from a variety of sources to produce a stream of actionable knowledge.

bit

The smallest unit of data. A bit can have only one of two values: 1 or 0. See byte.

byte

A basic unit of data. A byte consists of eight bits and can represent a single character such as a letter or number. A megabyte refers to a million bytes of information. A gigabyte refers to a billion bytes of information.

cache

Memory used to store frequently used data. With regard to the Internet, caching refers to the process of storing popular or frequently visited websites on a hard disk or in RAM so that the next time the site is accessed it is retrieved from memory rather than from the Internet. Caching is used to reduce traffic on the Internet and to vastly decrease the time it takes to access a Web site.

central processing unit

Abbreviated CPU. The portion of a computer that controls the processing and storage of data.

certificate

A digital representation of information that at least (1) identifies the certification authority issuing it, (2) names or identifies its subscriber, (3) contains the subscriber’s public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority.

click-wrap agreement

An agreement that is presented to the user for acceptance by clicking on “I Accept” or similar means. The agreement is usually presented to the user as part of the installation process for a piece of software or as part of the registration process when a user is accessing an online service.

client computer

A personal computer or workstation connected to a network file server. See file server.

client-server network

A type of network in which server computers provide files to client computers. See client computer and file server.

cloud computing

A delivery model for information technology resources and services that uses the Internet to provide immediately scalable and rapidly provisioned resources as services using a subscription or utility-based fee structure.

compliance

Conformity in fulfilling official requirements.

compressed file

A file whose contents have been “compressed” using specialized software so that it occupies less storage space than in its uncompressed state. Files are typically compressed to save disk storage space or to decrease the amount of time required to send them over a communications network like the Internet.

consequential damages

Are damages that are not a direct result of an act but a consequence of that act. Consequential damages must be foreseeable at the time the contract is entered into. In connection with a breach of contract, consequential damages would include any loss the breaching party had reason to know of and that could not reasonably be prevented by the nonbreaching party. Consequential damages can include loss of business, loss of profits, and harm to business reputation.

cookie

A cookie is a small data file that a website can store on a visitor’s computer. If the visitor returns to the website, the cookie can be used to identify the visitor and to provide personalized information to the visitor. Cookies are used by the operators of websites as marketing tools to gain information about their visitors and to track their movements on the site. Web browsers can be configured to reject cookies when they are offered.

CPU

Acronym for central processing unit. See central processing unit.

data flow map

Data flow maps are tools that graphically represent the results of a comprehensive data assessment to illustrate what information comes into an organization, for what purposes that information is used, and who has access to that information. Use of a data map can help ensure that an organization is in compliance with applicable law, the organization’s privacy and information security policies, and contractual obligations.

data mining or text mining

The analysis of raw data to produce results specific to a particular inquiry (e.g., how often a particular word is used, whether a particular product is in demand, how a particular consumer reacts to advertisements).

deidentification

The process of removing or obscuring personally identifiable information such that the information does not identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual.

direct damages

Direct damages are intended to place the nonbreaching party in the position it would have occupied had the breaching party performed as promised under their contract. They are generally the difference between the value of the performance received and the value of the performance promised as measured by contract or market value. They are not intended to punish the breaching party.

disk mirroring

A method of protecting data from a catastrophic hard disk failure. As each file is stored on the hard disk, an identical, “mirror,” copy is made on a second hard disk or on a different partition of the same disk. If the first disk fails, the data can be recovered instantly from the mirror disk. Mirroring is a standard feature in most network operating systems.

encryption

A method of using mathematical algorithms to encode a message or data file so that it cannot be understood without a password.

exabyte

A unit of measure for computer storage. 1 exabyte (EB) = 1,000,000,000,000,000,000 bytes = 1018 bytes = 1,000 petabytes = 1 billion gigabytes.

extranet

An extension of the corporate intranet over the Internet so that vendors, business partners, customers, and others can have access to the intranet. See intranet and Internet.

field(s)

Individual entries or groups of entries within a file relating to the same subject. For example, a litigation support database may have fields for the creator and recipient of a document and its subject.

file

A collection of data or information stored under a specified name on a disk. Examples of files are programs, data files, spreadsheets, databases, and word-processing documents.

file server

A central computer used to store files (e.g., data, word-processing documents, programs) for use by client computers connected to a network. Most file servers run special operating systems known as network operating systems (NOS). Novell Netware and Windows NT are common NOS. See client computer and client-server network.

hard disk

A storage device based on a fixed, permanently mounted disk drive. Hard disks can be either internal or external to the computer.

IaaS

The capability provided to the customer regarding provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications and possibly limited control of select networking components (e.g., host firewalls).

International Organization for Standardization (ISO)

An international organization created for the purpose of developing various families of voluntary standards for information security, disaster recovery, business continuity, quality management, risk management, and others.

Internet

A global collection of interconnected computers and networks that use the TCP/IP (Transmission Control Protocol/Internet Protocol) to communicate with each other. At one time, the term Internet was used as an acronym for “interconnected networks.”

Internet of Things

The Internet of Things refers to a computing concept by which uniquely identifiable objects are able to identify themselves to and communicate with other devices over the Internet.

intranet

A computer network designed to be used within a business or company. An intranet is so named because it uses much of the same technology as the Internet. Web browsers, email, newsgroups, HTML documents, and websites are all found on intranets. In addition, the method for transmitting information on these networks is TCP/IP (Transmission Control Protocol/Internet Protocol). See Internet.

LAN

Acronym for local-area network. See local-area network.

license agreement

A contract that defines the scope of activities a licensee can engage in with regard to the database (e.g., use the data solely for internal use, distribute limited segments to others, combine the database with other data, etc.).

licensee

The party in a license agreement that is granted the right to use a database.

licensor

The party in a license agreement that owns the database and is granting a third party the right to use it.

local-area network

Abbreviated LAN. A network of computers and other devices generally located within a relatively limited area (e.g., within a particular office, building, or group of buildings).

log file

A record of activity or transactions that occur on a particular computer system.

metadata

Data about data. For example, it can refer to application metadata, which is embedded in the file it describes (such as information about the person who created the document, the date and time of creation, the number of times the document was edited and by whom, and the program used to create the document), or system metadata, which includes information about computer files not embedded within the file itself (such as information in a computer’s master file management system containing data regarding a file’s location, name, date of creation, modification, and access).

network map

A network map is a graphical depiction of the way in which the various computers, file servers, and peripherals on a network are interconnected. The map typically identifies the type and speed (bandwidth) of the connections.

NDA

An acronym for nondisclosure agreement. See nondisclosure agreement.

nondisclosure agreement (NDA)

An agreement, generally entered into at an early stage in a potential engagement, that governs the parties’ respective confidentiality obligations.

NOS

Acronym for network operating system. See file server.

object code

The machine-readable version of a computer program. See source code.

offshore

In the context of a professional service engagement, contractors who are located outside the United States.

Open Source

A program in which the source code is available to the general public for use or modification from its original design free of charge. Common Open Source licenses include the GNU General Public License, GNU Library General Public License, Artistic License, BSD license, Mozilla Public License, and other similar licenses listed at http://www.opensource.org/licenses. Open Source code is typically created as a collaborative effort in which programmers improve on the code and share the changes within the community.

operating system

Abbreviated OS. A program used to control the basic operation of a computer (e.g., storing and retrieving data from memory, controlling how information is displayed on the computer monitor, operating the central processing unit, and communicating with peripherals).

PaaS

The capability provided to the customer to deploy onto the cloud infrastructure customer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

PC

Acronym for personal computer.

partition

A region of a hard disk treated by the computer’s operating system as a separate drive. Through the use of partitions, a computer with a single hard disk can appear to have two or more drives.

Payment Card Industry Data Security Standards (PCI DSS)

A robust and comprehensive set of standards and supporting materials created by the PCI Security Standards Council to enhance payment card data security.

peer-to-peer network

A type of network in which a group of personal computers is interconnected so that the hard disks, CD ROMs, files, and printers of each computer can be accessed from every other computer on the network. Peer-to-peer networks do not have a central file server. This type of system is used if less than a dozen computers will be networked.

personal digital assistant

Abbreviated PDA. PDAs range from compact personal electronic organizers (e.g., calendars, phone lists, brief notes) to the new breed of palm-size computers that are capable of running full-featured word-processing programs and spreadsheets and of browsing the Internet and sending and receiving email. These devices can hold hundreds, and soon thousands, of pages of information.

petabyte

A unit of measure for computer storage. 1 petabyte (PB) = 1,000,000,000,000,000 bytes = 1015 bytes = 1,000 terabytes.

proxy server

A server used to manage Internet-related traffic coming to and from a local-area network; can provide certain functionality (e.g., access control and caching of popular websites).

public key cryptography

An encryption method that uses a two-part key: a public key and a private key. Users generally distribute their public key but keep their private key to themselves. This is also known as asymmetric cryptography.

RAM

Acronym for random access memory. See random access memory.

random access memory

Abbreviated RAM. An integrated circuit into which data can be read or written by a microprocessor or other device. The memory is volatile and will be lost if the system is disconnected from its power source.

read-only memory

Abbreviated ROM. An integrated circuit into which information, data, or programs are permanently stored. The absence of electric current will not result in loss of memory.

ROM

Acronym for read-only memory. See read-only memory.

SaaS

Abbreviation for software as a service. It is the capability provided to the consumer to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

shrink-wrap agreement

An agreement that is included as part of the packaging or in the documentation accompanying a piece of software or equipment. In some cases, the CD containing the software may be provided in an envelope with the shrink-wrap agreement printed on the outside. Opening of the envelope indicates the user’s acceptance of the terms.

source code

The version of a computer program that can be read by humans. The source code is translated into machine-readable code by a program called a compiler. Access to the source code is required to understand how a computer program works or to modify the program. See object code.

stand-alone computer

A personal computer that is not connected to any other computer or network, except possibly through a modem.

structure databases

Databases with a high degree of organization, with designated data fields and defined relationships between the data fields.

sublicense

The ability of a party who is, itself, a licensee of a database to, in turn, grant licenses to the database to third parties.

terabyte

A unit of measure for computer storage. 1 terabyte (TB) = 1,000,000,000,000 bytes = 1012 bytes = 1,000 gigabytes.

third party

An entity that is not in contractual privity (e.g., a typical vendor subcontractor is not a party to the agreement between the vendor and the customer). In these situations, it is not possible to directly enforce the contract against the third party.

trending

A colloquialism to describe the popularity of an item (usually in social media) (e.g., if a topic is popular, it is “trending”).

unstructured databases

Are the opposite of structured databases. The data is raw and unorganized, making it difficult to search by traditional methods.

WAN

Acronym for wide-area network. See wide-area network.

web browser

A program used to view HTML pages on the World Wide Web.

web server

A computer on which a website is stored.

website

A collection of related HTML documents stored on the same computer and accessible to users of the Internet.

web-wrap agreement

A click-wrap agreement or other form of terms and conditions presented to the user in connection with use of a website or online service. The standard terms and conditions of use commonly found as a hyperlink on the first page of a website are an example of a web-wrap agreement.

wide-area network

Abbreviated WAN. A network of computers and other devices distributed over a broad geographic area.

workstation

A personal computer connected to a network. A workstation can also refer to a high-performance computer used for intensive graphics or numerical calculations.

yottabyte

A unit of measure for computer storage. 1 yottabyte (YB) = 1,000,000,000,000,000,000,000,000 bytes = 1024 bytes = 1,000 zettabytes.

zettabyte

A unit of measure for computer storage. 1 zettabyte (ZB) = 1,000,000,000,000,000,000,000 bytes = 1021 bytes = 1,000 exabytes = 1 billion terabytes.