Information Technology Services

Security Terminology

Term: Definition
Access control: the process of controlling access to applications at a granular level, such as per-user, per-group, and per-resource.
Antivirus or Antimalware Software: a program specifically designed to detect many forms of malware and prevent them from infecting computers, as well as to clean computers that have already been infected.
Asset: people, facilities, information, systems, reputation, or other such resources that contribute to the success of Queen's and its mission.
Attacker: a party who acts with malicious intent to compromise an information system.
Authentication Mechanism: hardware- or software-based mechanisms that force users, devices, or processes to prove their identity before accessing data on an information system.
Authentication: the process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or of verifying the source and integrity of data.
Authorization: the process of determining the access permissions granted to a user, program, or process, or the act of granting those privileges.
Awareness: knowledge presented passively (e.g., emails, glossy physical posters) with information to increase one's security knowledge.
Breach: the loss of, unauthorized access to, or unauthorized disclosure of information or systems resulting from a compromise of an organization's security measures.
Classification: a method used by the institution to identify the sensitivity of data. The classification informs how data is handled, commensurate with its sensitivity and importance.
Context: what a piece of data is and how it relates to other data. A unit of data such as a name (John Smith) has meaning when combined with another unit of data such as a person's affiliation to Queen's (student John Smith). A student's e-mail address, a patient's date of birth…
Data: a single unit, often lacking context; for instance, a 'name' without context may relate to the name of an exam, a person, or an animal.
Degauss/Degaussing: a process, and a device, that leaves the magnetic field representation of data on hard drives, floppy disks and magnetic tapes in random patterns, thereby rendering previous data unrecoverable. In most cases degaussing renders the magnetic media completely unusable and damages the storage system. Degaussing and physical destruction are considered the only truly secure means of disposing of magnetic storage media and devices.
Drive-by Downloads: a drive-by download happens when a webpage downloads and installs malware on a system through the web browser, often without the user's knowledge. Visiting malicious or compromised webpages, or following illegitimate web links, can expose a user to a drive-by download.
Encryption: the process of transforming plain-text information using a logical method called an algorithm, such that the information is unreadable to anyone who does not have the means to decrypt (un-encrypt) it, often called the key.
Have I Been Pwned?: an external website that reports whether an email address has been compromised as a result of a breach of a third-party system (e.g. LinkedIn, Starwood Hotels, Yahoo).
Incident: a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices (NIST SP 800-61r2).
Information: data in a specific context or with a specific meaning; for example, a completed student assignment, or the name of a student.
Information Steward: the university officer or employee having primary responsibility for establishing policies and procedures relating to access, use, retention and destruction of sensitive information, and for ensuring that it is protected from unauthorized access or modification and from inappropriate use or disclosure, whether intentional or unintended.
Institutional Information: information, including scholarly or research information or data, that is required for an academic or administrative process or is otherwise private to the university.
Legal Order: a document in electronic or physical format containing rules or duties imposed on the institution or a member by a third party for the management of information or technology; it may not include a dollar amount. For example: requirements in a non-disclosure agreement, a third-party contract for technology, a click-through agreement for software, terms and conditions on the use or maintenance of technology, or a lawful request for information.
Member: a staff, faculty, or student who requires access to IT resources or institutional information for academic or administrative activity (e.g., consultants, contractors, temporary hires).
Metadata: the characteristics and definitions of information. Data about the information, such as the classification of the information or whether the information represents a date, is metadata.
Multi-factor Authentication (MFA): the use of multiple, separate factors (something you know, like a password; something you have, like a token; or something you are, like a fingerprint) to verify identity prior to access. For example, two identifying components make two-factor authentication (2FA).
Penetration testing: a process used to probe the security of a system or application to determine if there are any security vulnerabilities which could be exploited by an attacker or stumbled upon by a person not authorized to access that system or application. Penetration testing often involves the use of the same tools an attacker might use to find "holes" in a system's security, but with improving rather than exploiting the system's security as the goal. Penetration testing usually yields a list of potential vulnerabilities and recommendations for how the associated risks might be mitigated.
Ransomware: a form of malware designed to hold the user's browser, computer system or data hostage until a demand is met. Once installed, a ransomware program will encrypt or otherwise block access to data, and demand payment from the user in order to retrieve the locked files.
Regulated data: information governed by legislation (e.g. the Freedom of Information and Protection of Privacy Act, the Personal Health Information Protection Act).
Security assessment: a process to review the technical, administrative, and physical security controls of a system or application to identify potential risks to the confidentiality, integrity, or availability of the system or of the information stored, processed, or transmitted by the system.
Sensitive information: institutional or personal information.
Software virus: a software virus, computer virus, or malware, is a program designed to install itself on a computer without the approval or knowledge of the person using that system, in order to disrupt the operation of the system, take control of it, or harvest what might be sensitive information stored on the system. In information technology, "virus" is often used as a general term for a more specific malevolent program more accurately classified as a trojan or worm. In some cases, a software virus will establish itself on one computer and then attempt to propagate (spread) to other computers, such as those in the same branch of a network, or by sending itself to everyone in the user's address book.
Spoof: the deliberate inducement of a user or resource to take incorrect action. Impersonating, masquerading, piggybacking, and mimicking are types of spoof.
Technical staff member: a staff member of a unit who is responsible for the IT resources.
Threat: a potential event or act that could result in the loss of confidentiality, integrity, or availability of information or a system. A threat may be deliberate, accidental, or of natural cause.
Units: a general term used to refer to departments and offices, faculties and schools, etc.


Acronym: Explanation/Definition
2FA: Two-Factor Authentication
802.1X: IEEE Standard for port-based Network Access Control (PNAC). It provides an authentication mechanism for devices wishing to attach to a Local Area Network or Wide Area Network.
AD: Associate Director OR Active Directory
ATO: Authority to Operate
AV: Antivirus
AVP: Associate Vice Principal
CA: Certificate Authority
CANARIE: Canadian Network for the Advancement of Research, Industry and Education
CAUBO: Canadian Association of University Business Officers
CCIRC: Canadian Cyber Incident Response Centre
CCTV: Closed-circuit Television
CDN: Content Delivery Network
CIO: Chief Information Officer
CISO: Chief Information Security Officer
CMDB: Configuration Management Database
CNSSI: Committee on National Security Systems Instruction (U.S. government)
CPO: Chief Privacy Officer
CSIS: Canadian Security Intelligence Service
CUCCIO: Canadian University Council of Chief Information Officers
DCS: Data Classification Scheme
DDOS: Distributed Denial-of-Service
DIR: Director
DLP: Data Loss Prevention
DNS: Domain Name Server (or System), a hierarchical, decentralized naming system for computers, services, or any resource connected to the Internet or a private network
DOS: Denial of Service
EITAC: Enterprise Information Technology Advisory Committee
EOP: Microsoft's Exchange Online Protection
ERM: Enterprise Risk Management
FIPPA: Freedom of Information and Protection of Privacy Act (Ontario)
FTE: Full-time Equivalent
FTP: File Transfer Protocol
GDPR: UK's General Data Protection Regulation
GRC: Governance, Risk and Compliance
HVAC: Heating, Ventilation, Air Conditioning
IDAM: Identity and Access Management
IDM: Identity Management
IDS: Intrusion Detection System
IOPS: Infrastructure Operations
IP: Internet Protocol
IPAM: Internet Protocol Address Management
IPS: Intrusion Prevention System
ISO: Information Security Officer
ISP: Internet Service Provider
IT: Information Technology
IT ADMIN REP: IT Administrative Representative
ITS: Information Technology Services
ITIL: Information Technology Infrastructure Library
ITRACK: IT Services ticket and issue tracking system. The vendor's system is called FootPrints.
ITSC: IT Support Centre
LDAP: Lightweight Directory Access Protocol, an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network
N/A: Not Applicable
NAT: Network Address Translation
NET3: Level 3 IT Services network analyst
NGFW: Next Generation Firewall
NIST: National Institute of Standards and Technology
NIST SP: NIST Special Publication
OCEG: Open Compliance and Ethics Group
ORION: Ontario Research and Innovation Optical Network
OS: Operating System
PAT: Port Address Translation
PBX: Private Branch Exchange
PCI: Payment Card Industry
PHIPA: Personal Health Information Protection Act (Ontario)
QERMF: Queen's Enterprise Risk Management Framework
QOS: Quality of Service
RACI: A model used primarily to identify roles as Accountable, Responsible, Consulted, Informed
RCMP: Royal Canadian Mounted Police
RDG: Reverse Direction Grant
REN-ISAC: Research & Education Networking Information Sharing & Analysis Center
RFP: Request for Proposal
SCCM: System Center Configuration Manager (Microsoft)
SCEP: Microsoft's System Center Endpoint Protection
SCOM: Microsoft's System Center Operations Manager, a cross-platform data centre management system for operating systems and hypervisors
SDL: Security Development Lifecycle
SIEM: Security Information and Event Management
SOC: Security Operations Centre
SOP: Standard Operating Procedure
SQL: Structured Query Language
SSIG: Security Special Interest Group
SSL: Secure Sockets Layer, a family of cryptographic protocols that provide security and data integrity for the transmission of information over the Internet, including passwords. Secure Sockets Layer protocols are being replaced by Transport Layer Security (TLS) protocols as the Internet evolves.
SSO: Single Sign-on
TACACS: Terminal Access Controller Access-Control System, a family of related protocols handling remote authentication and related services for networked access control through a centralized server
TCP/IP: The Transmission Control Protocol and Internet Protocol, also known as the Internet Protocol Suite, the basic communication language of the Internet.
URL: Universal Resource Locator
UTM: Unified Threat Management [system]
VM: Virtual Machine
VOIP: Voice-over-Internet Protocol
VP: Vice-Principal or Vice-Provost
VPN: Virtual Private Network. A VPN is a form of communication over networks that are public in ownership but emulate a private network in terms of security.
VPFA: Vice-Principal (Finance and Administration)
WAN: Wide-Area Network
WPA2: Wi-Fi Protected Access, an interoperable protocol that requires users to authenticate to the network and provides encrypted communication over wireless networks. Information transmitted over open or unsecured wireless networks which do not use the WPA2 protocol is vulnerable to eavesdropping by others using the wireless network, so such networks should not be used to transmit passwords or access sensitive information.