Security & Privacy: Definitions
General terms
- Cybersecurity: This broad term encompasses all aspects of protecting computer systems, networks, and data from unauthorized access, damage, or theft.
- Digital Privacy: This refers to an individual’s ability to control and protect access to their personal information online, including details like name, address, email, and financial data.
- Data Protection: This term signifies the strategic and procedural steps undertaken to safeguard the privacy, availability, and integrity of sensitive data.
Elements of security
- Encryption: The process of converting information into a code to prevent unauthorized access.
- Firewall: A network security device that acts as a barrier, controlling incoming and outgoing network traffic based on predefined security rules.
- Authentication: The process of verifying a user’s identity, ensuring that only authorized users have access to systems and information. Multi-factor authentication (MFA) or two-factor authentication (2FA) involves using two or more methods to verify identity, enhancing security.
- Access Control: Mechanisms that restrict access to data or functions to only authorized users.
- Malware: Malicious software designed to disrupt computer systems, steal data, or create other vulnerabilities.
- Antivirus: Software designed to detect, prevent, and remove malware from computers.
- Virtual Private Network (VPN): An encrypted internet connection that provides a secure, private network connection for safe data transmission.
Elements of privacy
- Consent: An individual’s permission to process their information in a specific way. This can be opt-in (permission required before data use) or opt-out (data use allowed until requested to stop).
- Anonymity: The ability to remain unidentifiable while online.
- Confidentiality: Ensuring that sensitive data is only available to authorized people.
- Integrity: Maintaining the accuracy and reliability of data, preventing unauthorized changes.
- Non-Repudiation: Ensuring actions are trackable and undeniable, which provides accountability.
Threats to security and privacy
- Phishing: Fraudulent attempts to obtain sensitive information by impersonating a trustworthy entity in electronic communication.
- Spoofing: Disguising one’s identity as a trusted source to deceive users and gain access to information or resources.
- Social Engineering: Exploiting human trust to gain access to data or systems.
- Data Breach: A security incident where unauthorized access to or disclosure of sensitive data occurs.
- DDoS (Distributed Denial of Service) Attack: Overwhelming a server with traffic to prevent legitimate users from accessing a network, site, or system.
- Identity Theft: Unauthorized access to and use of personal identifying information to commit fraud.
- Ransomware: A type of malware that encrypts data, blocking access until a ransom is paid.
Note: While data privacy and data protection are closely related and often used interchangeably, they have distinct differences. Data privacy is focused on defining who has access to data, while data protection provides the tools and policies to restrict that access. Data security focuses on protecting data from external attackers and malicious insiders, while data privacy governs how data is collected, shared, and used.
