Data Security Terminology

Stands for Database Activity Monitoring (sometimes called DbAM) and uses behavior analytics and other tools to detect and identify unauthorized and potentially fraudulent behavior with sensitive data. Unfortunately for DAM, cloud-resident sensitive data resides in more virtual places than a structured database.

Stands for Data Detection and Response, a cloud version of DLP that provides dynamic monitoring of log analytics to detect data risks as they occur and generate alerts to guide response and remediation.

Short for Data Leak Prevention or Data Loss Prevention, refers to a security measure that safeguards sensitive data, typically files, from being shared beyond the organization or accessed by unauthorized individuals within the organization. This is accomplished through the implementation of policies that encrypt data or regulate sharing settings. Implements access rights and the policy of “least privilege,” where no individual possesses more authority to use specific compute resources, files, or services than the minimum required to fulfill their work role. Also enables logging usage of resources for forensic analysis.

Data categorization involves classifying data into distinct groups based on similarities among their entities. Data privacy and security professionals use this categorization to assign sensitivity levels such as high, medium, or low to the data.

The systematic procedure of arranging data into meaningful categories, facilitating easier retrieval, sorting, utilization, storage, and protection of the data.

Data flow in communications refers to the route followed by a message from its point of origin to the intended destination, encompassing all the intermediate nodes through which the data traverses.

A data flow diagram is a visual representation that depicts the movement of information within a process or system. It showcases data inputs and outputs, data stores, and the different sub-processes through which the data flows.

Data inventory, often called records of authority, identifies personal data present in systems and aids in mapping how data is stored and shared. Data inventories are specifically defined and required under privacy regulations such as the GDPR, CCPA, and CPRA.

A legal concept that encompasses laws and regulations designed to safeguard the personal data of individuals and ensure its fair and appropriate usage.

The extensive accumulation of data that occurs daily within organizations. It encompasses the generation and accumulation of substantial volumes of digital information by businesses.

Information that has undergone encryption, a process of transforming plain text into cipher text. It ensures that only authorized parties possess the ability to decrypt and access the information, while preventing any unauthorized tampering by third parties. Unencrypted data refers to information or data that is stored without any protective encryption. ‍

Stands for General Data Protection Regulation, a comprehensive data protection law that applies to all 28 member states of the European Union. The primary objective of the GDPR is to establish stringent standards for data protection while unifying data protection regulations across the entire EU or wherever EU citizens reside.

Ghost data are backups or snapshots of data stores that persist even after the original data was deleted. It falls under the category of shadow data, which encompasses unmanaged copies of data stores, as well as snapshots or log data that are not included in an organization’s backup and recovery plans.

An insider threat refers to any individual who possesses internal access to an organization’s networks or resources, enabling them to exploit security vulnerabilities or engage in data theft within the organization.

The principle of least privilege dictates that users should be assigned the minimum level of permissions required to carry out their designated tasks.

Misconfiguration refers to the perilous or unauthorized setup of an account configuration that has the potential to result in a compromise. Often, this occurs when well-intentioned users attempt to address immediate business challenges. Despite the absence of malicious intent, misconfiguration stands as the primary cause of data loss or compromise.

Misplaced data refers to the situation where data is transferred from an authorized environment to an unauthorized one. When unauthorized data is stored in an environment that is not intended for such data, it can result in data leaks, security breaches, non-compliance with regulations, and other detrimental consequences.

Stands for Protected Health Information, which refers to personal health information that is safeguarded under the HIPAA Privacy Rule. This rule establishes federal protections for PHI held by covered entities and grants patients various rights concerning their health information.

PII stands for Personally Identifiable Information, which encompasses any form of information that allows the identity of an individual to be reasonably inferred, either directly or indirectly. Examples of PII include social security numbers (SSN), passport numbers, driver’s license numbers, taxpayer identification numbers, patient identification numbers, financial account numbers, credit card numbers, personal address information such as street address or email address, and personal telephone numbers.

Within the domain of cybersecurity, a risk assessment entails a thorough examination of an organization to pinpoint vulnerabilities and threats. The primary objective of a risk assessment is to identify the risks faced by an organization and provide recommendations to mitigate those risks.

Refers to information that is safeguarded against unauthorized disclosures due to legal, ethical, privacy, financial, or other significant reasons. It encompasses various types of data, including but not limited to health data, personal information, and confidential information such as trade secrets.

Shadow SaaS refers to an unauthorized cloud application that is connected, often through API integration, to an organization’s SaaS or IaaS infrastructure. It gains access to corporate data without explicit permission from the organization.

Structured data is presented in a standardized, well-defined format that can be easily understood by both humans and computer programs. This type of data is commonly stored in databases. While structured data accounts for only 20 percent of the overall stored data globally, its accessibility and reliable outcomes make it the fundamental basis for contemporary big data research and applications.

Unmanaged data stores refer to deployments that require full support from development or infrastructure teams without relying on assistance from the cloud service provider. In such cases, the responsibility of managing and maintaining these data stores solely rests with the organization’s internal teams.

Unstructured data refers to data that does not adhere to a predefined organizational model or format. It is often characterized by being text-heavy, although it can also encompass facts, figures, and time and date information. The absence of a consistent structure and the presence of irregularities and ambiguities make unstructured data more challenging for computer programs to comprehend compared to data stored in databases with well-defined fields or annotated documents. Estimates suggest that unstructured data constitutes a significant portion of global data, and its volume is rapidly expanding.