Glossary
ABBREVIATIONS
AC | Algonquin College |
C&A | Certification and Accreditation |
FIPPA | Freedom of Information and Protection of Privacy Act (Ontario) |
GRC | Governance, Risk and Compliance |
InfoSec | Information Security |
ITS | Information Technology Services |
ITSec | Information Technology Security |
PHIPA | Personal Health Information Protection Act (Ontario) |
PIA | Privacy Impact Assessment |
PII | Personally Identifiable Information |
PIPEDA | Protection of Information and Electronic Documents Act (Canada) |
PHI | Personal Health Information |
TRA | Threat and Risk Assessment |
ISU | Information Security Unit |
ISA | International Standards Association |
SoS | Statement of Sensitivity |
DEFINITIONS
Malware
Short for malicious software, software that disrupts or damages a computer’s operation, gathers sensitive or private information, or gains access to private computer systems; may include botnets, viruses, worms, Trojans, keyloggers, spyware, adware, and rootkits.
- Botnet: A network of private computers, each of which is called a “bot” (short for “robot”) infected with malicious software (malware) and controlled as a group without the owners’ knowledge for nefarious and, often, criminal purposes. Infected computers are also referred to as “zombies.”
- Virus: A form of malware that has a reproductive capacity to transfer itself from one computer to another spreading infections between online devices.
- Worm: A type of malware that replicates itself over and over within a computer.
- Trojan: A form of malware that gives an unauthorized user access to a computer.
- Spyware: A form of malware that quietly sends information about a user’s browsing and computing habits back to a server that gathers and saves data.
- Adware: A form of malware that allows popup ads on a computer system, ultimately taking over a user’s Internet browsing.
- Rootkit: A form of malware that opens a permanent “back door” into a computer system; once installed, a rootkit will allow more and more viruses to infect a computer as various hackers find the vulnerable computer exposed and attack.
Phishing
Sending emails that attempt to fraudulently acquire personal information, such as usernames, passwords, social security numbers, and credit card numbers, by masquerading as a trustworthy entity, such as a popular social web site, financial site, or online payment processor; often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
SMiShing
An alternative form of phishing that occurs via text or SMS message.
Spyware
A type of malware (malicious software) installed on computers that collects information about users without their knowledge; can collect Internet surfing habits, user logins and passwords, bank or credit account information, and other data entered into a computer; often difficult to remove, it can also change a computer’s configuration resulting in slow Internet connection speeds, a surge in pop-up advertisements, and unauthorized changes in browser settings or functionality of other software.
Spam
The use of electronic messaging systems to send unsolicited bulk messages (usually advertising or other irrelevant posts) to large lists of email addresses indiscriminately.