| Term | Definition |
| --- | --- |
| Consumer rights | Established rules on how consumers and their information should be handled during an e-commerce transaction. |
| Data privacy | The laws that set expectations on how your personal information should be protected and the limits placed on how the data may be shared. |
| Evidence | 1. Information that supports a conclusion. 2. Material presented to a regulator to show compliance. |
| Information security risk assessment | A formal process to identify threats, potential attacks, and impacts to an organization. |
| Information Technology and Infrastructure Library (ITIL) | A framework that contains a comprehensive list of concepts, practices, and processes for managing IT services. |
| Internet filters | Software that blocks access to specific sites on the Internet. |
| Opt-in | The practice of agreeing to the use of personal information beyond its original purpose. An example of opt-in is asking a consumer who just sold his or her home if the real-estate company can share the consumer's information with a moving company. |
| Opt-out | The practice of declining permission to use personal information beyond its original purpose. For example, a consumer who just sold his or her home may decline permission for the real-estate company to share his or her information with a moving company. |
| Payment Card Industry Data Security Standard (PCI DSS) | A worldwide information security standard that describes how to protect credit card information. If you accept Visa, MasterCard, or American Express, you are required to follow PCI DSS. |
| Personal privacy | In e-commerce, broadly deals with how personal information is handled and what it is used for. |
| Security control mapping | When related to compliance, the mapping of regulatory requirements to policies and controls. |
| Shareholder | A person who buys stock in a company (investor). |
| Statement on Auditing Standard 70 (SAS 70) | A widely accepted auditing standard created by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit examines an organization's control environment. This usually includes an audit of the information security controls. |