accountability
principle that people and entities must take responsibility for the decisions they make and be able to explain them
action plan
detailed outline of steps to be taken to achieve a particular goal, often aimed at mitigating risk or improving performance
audit
process of evaluating the adequacy, effectiveness, and adherence to prescribed procedures, protocols, or standards
bad actor
person or entity who hacks or cracks into a computer or system with malicious intent
California Consumer Privacy Act (CCPA)
law that increases privacy rights and consumer protection for residents of California
certification body
organization accredited to assess and certify the conformity of companies and organizations to specific standards, ensuring they meet the established criteria in their industry or sector
compliance
adherence to laws, regulations, and policies governing an industry or operation
consent
in the context of data protection, explicit permission given by an individual for the collection, processing, and use of their personal information
cyber espionage
use of online methods to obtain secret or confidential information without the permission of the holder of the information, typically for strategic, military, or political advantage
data breach
unauthorized access to confidential data, often leading to the exposure of sensitive information
data center
facility used to house computer systems and related components, such as telecommunications and storage systems
data mapping tool
software application or platform that enables data professionals to automate the process of mapping data fields, attributes, or elements from source systems to target systems or destinations
data minimization
principle that organizations should only collect, process, and store the minimum amount of personal data necessary for its purpose
data privacy
rights and practices around the proper collection, storage, and use of personal information
data protection impact assessment (DPIA)
process to help identify and minimize the data protection risks of a project
data security
protection of data from unauthorized access, corruption, or theft
digital divide
gap between individuals, communities, or countries that have access to modern information and communication technologies and those that do not
error handling
process in software and systems design where potential errors are systematically managed and addressed to prevent system failures and security breaches, and to provide meaningful feedback to users
gap analysis
method for comparing current policies, protocols, or performance metrics against desired goals or industry standards to identify areas for improvement
General Data Protection Regulation (GDPR)
comprehensive data protection law in the European Union that sets guidelines for the collection and processing of personal information of individuals within the EU
identity theft
act of stealing someone’s information and assuming their identity
IEEE 2413
architectural framework for IoT developed by the Institute of Electrical and Electronics Engineers (IEEE) to standardize and promote cross-domain interaction
input validation
process of checking inputs received from users or from other systems for their data type, length, format, and range
Internet of Things (IoT)
network that connects everyday physical objects to the internet, enabling them to collect and share data with other devices or systems
ISO/IEC 27701
extension to the ISO/IEC 27001 and ISO/IEC 27002 standards that provides guidelines for establishing, implementing, and maintaining a privacy information management system
least privilege principle
cybersecurity practice where users are granted the minimum levels of access, or permissions, needed to perform their job functions, reducing the risk of unauthorized access to sensitive information
physical security
measures and systems used to protect people, property, and physical assets from external threats such as theft, vandalism, and natural disasters
policy
defined guidelines and procedures established by an organization to regulate actions and ensure compliance with legal and ethical standards
Privacy by Design
concept and approach in system engineering and data handling practices that integrates privacy and data protection measures from the very beginning of the design process, rather than as an afterthought
privacy engineering
incorporating privacy principles directly into the design and development of IT systems, networks, and business practices
privacy information management system (PIMS)
framework or set of policies and procedures used by an organization to manage personal data and ensure compliance with privacy laws and regulations
regulatory framework
structure of rules and guidelines, often legislated, within which an industry or business must operate
remote auditing
modern auditing method that uses digital tools and technologies for assessing systems, processes, and policies when in-person visits are not feasible
risk assessment
process of identifying potential risks that could negatively impact an organization’s assets and business operations and evaluating the potential negative outcomes and the likelihood of them occurring
secure device onboarding
process that involves adding devices to a network in a secure manner to prevent unauthorized access and protect the integrity of the network
social responsibility
in a business context, the obligation of companies to act in ways that benefit society and the environment beyond what is legally required
third-party access
ability for external entities or applications, not part of the primary institution, to access certain data or functionalities
transparency
openness, communication, and accountability, wherein actions and decisions are clear and understandable to stakeholders
Citation/Attribution

This book may not be used in the training of large language models or otherwise be ingested into large language models or generative AI offerings without OpenStax's permission.

Attribution information
  • If you are redistributing all or part of this book in a print format, then you must include on every physical page the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
  • If you are redistributing all or part of this book in a digital format, then you must include on every digital page view the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
Citation information

© Mar 11, 2025 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike License . The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.