The VENZA Glossary
We have prepared a handy glossary of the most common terms related to cybersecurity, phishing, privacy regulation, and social engineering. If you don’t find what you need, please don’t hesitate to let us know!
Information Security, PCI & Phishing
Malicious software. A program designed specifically to cause harm to a computer, network, or data. Viruses, trojans, worms, adware, ransomware, scareware, and spyware are all considered forms of malware.
Payments made when customers pay with their smartphones through mobile-based readers or terminals, near-field or other close-range communications, or mobile apps.
Identifies recommendations for password creation.
The Payment Card Industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.
The Payment Card Industry Security Standards Council was formed by the major card issuers (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) to manage the ongoing evolution of the Payment Card Industry Data Security Standard (PCI DSS).
The PCI DSS consists of 12 requirements with multiple sub-requirements that contain directives against which businesses may measure their own payment card security policies, procedures and guidelines. Compliance must be validated and accepted on a periodic basis.
A breach of security that caused an accidental or intentional loss, destruction, disclosure or access to processed or transmitted personal data.
A deliberate misspelling of “fishing,” based on the idea of using social engineering techniques (bait) to tempt users (fish) into divulging information. In a phishing attack, content is sent that is designed to entice users to click a link to a spoofed web page or to send information directly in response to the phishing email. Phishing emails use social engineering techniques, giving attackers potential access to usernames, passwords, company tax records, banking and financial data, and more. Though email is the most common vector for phishing attacks, they also occur via online advertising and SMS.
Cryptolocker, Locky, Petya, and Jigsaw are all well-known variants of ransomware, and there are many more. Ransomware has existed for many years, but with the rise of virtual currencies it has become more widespread, because both the sender and the receiver of the ransom payment can remain anonymous. Over 91% of ransomware attacks begin with a phishing email, resulting in millions of dollars of lost revenue to businesses each year.
A phishing attack focused on a specific person or group of people, often purporting to be sent from a person or company well known to the target. Celebrities, corporate officers, and government officials are often the target of this form of attack. See “Whaling.”
An attack in which information used to verify the legitimacy of a message or other transaction is replaced with false information in order to gain some advantage. Domain names, email sender addresses, and other information may all be spoofed, leading an unwary user to believe that an email comes from a trusted sender or that an illegitimate web site is legitimate.
A phishing attack against a corporate executive. C-level executives in a corporation control and have access to sensitive information, bank records, and account credentials. Whaling attacks are an attempt to gain access to funds or information by gaining the confidence of highly placed individuals. Successful whaling attacks are usually the payoff of a “long con,” involving extensive contact over an extended period of time in order to build trust using social engineering techniques.
Social Engineering
Leaving USB drives in random places; when one is inserted into a computer, malware is installed.
Pulling personal information from a trash can or a dumpster.
When criminals use stolen PII to create a “new” identity.
Stealing personal data from a cell phone while at a public charging station.
Details the process for disposing of sensitive paperwork.
Abbreviated MITM, a Man-in-the-Middle attack is a form of exploit in which the attacker secretly relays, and possibly alters, communications between two parties. The parties on each end of the communication believe they are communicating directly with each other. MITM attacks can be used for simple eavesdropping, or to make parties disclose information by requesting it directly during the course of the attack.
Attacking computers from a distance of up to 100 yards using wireless devices.
Convincing authorized personnel to let you follow them into a secure area.
Using psychological manipulation techniques in an attempt to convince victims to divulge sensitive information or to open a link or document. Phishing and ransomware rely on social engineering techniques to dupe users into navigating to suspicious links or opening documents with viral payloads.
Following an authorized person into a secure area without permission.
A caller poses as a legitimate institution to extract personal information.
Privacy Regulation
A key aspect of an information security plan – understanding responsibilities and expectations of those individuals that have access to data and how they comply with principles.
The process by which data is altered so that it can no longer be traced back to an individual.
The use of PI for the business’ or a service provider’s operational purposes, provided that the use of personal information is reasonably necessary and proportionate to achieve the operational purpose.
An informed, unambiguous and freely permitted data submission by an individual to have information relating to him or her processed, shared or stored.
An approach to designing any application, service or product that considers the right to data protection.
A process for identifying risks related to the processing of data.
An identified or identifiable natural person.
Data collected directly from individuals; these can be customers, site visitors or even social media followers.
Opt-in means that an individual makes an affirmative indication of choice by signaling a desire to share his or her information with third parties. Opt-out refers to a lack of action that is taken to imply a choice has been made; unless, say, an individual checks or unchecks a box, his or her information will be shared with third parties.
Any action or set of actions that is performed on personal data or sets of data, whether automated or not.
The natural or legal person, public authority or other body which processes data on behalf of the controller.
The processing of personal data in such a manner that the personal data can no longer be attributed to an individual without the use of additional information.
An individual’s right to request and receive personal data from a business or other organization.
An individual’s right to object to the processing of personal data by a business or other organization.
Taking appropriate measures to provide any information relating to processing to the data subject in a concise, intelligible and easily accessible form, using clear and plain language.