Definitions | Information Protection @ MIT

Application

Software running on a server that is remotely accessible, including mobile applications.

Data Owner

The individual or organizational entity having primary responsibility for creating and/or maintaining the data or information.

Encryption

Encryption makes your information readable only with a key or passcode. Password protection, while useful, is not as secure as encryption. Encryption can be enabled on a computer using software applications such as BitLocker or FileVault.

Endpoint

A computer device such as a desktop workstation, mobile phone, tablet, or laptop.

FERPA

The Family Educational Rights and Privacy Act of 1974 that requires protection of student information.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 that requires protection of health information; HITECH Act 2009 expanded HIPAA to include notification requirement.

Identity Theft

Identity theft is the illegal use of another person’s identifying information in order to steal money or get other benefits.

Malware

Malicious software that infects a device and can cause many types of harm. Malware allows an attacker to exfiltrate or corrupt information, steal credentials or computing resources, launch attacks on other systems, or disable the computing device.

Media

Any portable data storage method such as paper hard copies, external USB hard drives, CDs/DVDs, etc.

PCI-DSS

Payment Card Industry Data Security Standard – requirements for anyone accepting credit cards. Learn more.

Phishing

An email message that may look legitimate (e.g., from your bank) but is really a type of social engineering attempt to acquire sensitive information, such as user ID and password, or to infect the targeted computer with malware.

PIRN (Personal Information Requiring Notification)

PIRN is an MIT acronym, which is currently equivalent to “personal information” under Massachusetts 201 CMR §17, and is defined as a person's first name and last name or first initial and last name in combination with any one or more of the following information elements that relate to such a person:

Social security number (SSN);
Driver's license number or state-issued identification card number; or
Financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that PIRN shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

Redaction

Redaction is the process of sanitizing (removing) unnecessary information from a file to get rid of sensitive or private content. It is more than obscuring or hiding the information. Redaction can be done with electronic files using tools such as Spirion and Adobe Acrobat. It can be done with paper files as well by cutting out or blacking out the information so that it is illegible.

Server

A host that provides a network accessible service.

Spirion (formerly Identity Finder)

Software to assist with finding PIRN on laptops/desktops.

System Administrator

A person who is responsible for the upkeep, configuration, and reliable operation of a computer system, service, or application.

User

A person who utilizes a computer or network system, service, or application.

Virtual Private Network (VPN)

A VPN is a secure "tunnel" between two or more devices. VPNs are used to protect private web traffic from snooping, interference, and censorship.

Whole Disk Encryption

Software that encrypts everything on a user’s hard drive. If the computer is lost or stolen the information is unreadable.