Technical Guidance for HIV/AIDS Surveillance Programs, Volume III: Security and Confidentiality Guidelines
Attachment F: Glossary of Surveillance and Technical Terms

Access: The ability or the means necessary to read, write, modify, or communicate data/information. To gain entry to memory in order to read or write data. The entrance to the Internet or other online service or network.

Access control: A cohesive set of procedures (including management, technical, physical, and personnel procedures) that are designed to assure to a given level of reliability that an individual:

  • is the person he or she claims to be (authentication),
  • has a verified public health need to have access to surveillance systems and information,
  • has been authorized to perform the action or access the data, and
  • is doing so from an authorized place using an authorized process.

ACL: Short for Access Control List, an ACL is a list that tells an operating system or network device which rights (for example, read, write, execute, or delete) each user or group has to each item on that system or device. Because many implementations evaluate entries in order, the placement of deny and allow entries matters and should be reviewed whenever an ACL is changed.

Adware: 1) (ADvertisementWARE) Software that periodically pops up ads on a user's computer. When it is installed without the user's knowledge and, in the background, reports the words the user searches for or the sites the user visits to a remote server so that targeted ads can be served, adware is a form of spyware. 2) (AD supported softWARE) Software that is given away because it contains advertising messages.

Aggregated data: Information, usually summary statistics, that may be compiled from personal information, but is grouped in a manner to preclude the identification of individual cases. An example of properly aggregated data might be, 'Whiteacre County reported 1,234 cases of AIDS during 1997 among Hispanics.' An example of improperly aggregated data might be, 'Blackacre County reported 1,234 cases of AIDS during 1997 among Hispanics and 1 case among American Indians.' The second example is improper because a single case in a small subgroup can be matched to a known individual; aggregated data should suppress or combine cells with very small counts.

Analysis data, datasets, or database: A dataset created by removing personal data (e.g., names, addresses, ZIP codes, and telephone numbers) so the record or records cannot be linked to an individual, but still allows the remaining data to be analyzed.

Antivirus program: A software program designed to protect a computer and/or network against computer viruses. When a virus is detected, the computer will generally prompt the user that a virus has been detected and recommend an action such as deleting the virus.

Authentication: Verifying the identity of a user who is logging onto a computer system or verifying the origin of a transmitted message. Authentication depends on four classes of data, generally summarized as 'what you know,' 'what you have,' 'what you are,' and 'what you do.'

Authorized access: As determined by the ORP or a designee, the permission granted to individuals to see full or partial HIV/AIDS surveillance information and data that potentially could be identifying or linked to an individual. The ORP or designee should make these determinations according to role-based (or need-to-know) responsibilities.

Authorized personnel: Those individuals employed by the program who, in order to carry out their assigned duties, have been granted access to confidential HIV/AIDS surveillance information. Authorized personnel must have a current, signed, approved, and binding nondisclosure agreement on file.

Availability: The accessibility of a system resource in a timely manner; for example, the measurement of a system's uptime. Availability is one of the six fundamental components of information security.

Biometrics: The biological identification of a person, which includes characteristics of structure and of action such as iris and retinal patterns, hand geometry, fingerprints, voice responses to challenges, and the dynamics of handwritten signatures. Biometrics are a more secure form of authentication than typing passwords or even using smart cards, which can be stolen; however, some forms have relatively high failure rates, and a compromised biometric cannot be replaced the way a password can, so the stored templates themselves must be protected. Biometric authentication is often used as the second factor in two-factor authentication.

Biometric signature: The characteristics of a person's handwritten signature. The pen pressure and duration of the signing process, captured on a digital pen tablet, are recorded as a template that the matching algorithm compares against future signatures.

BIOS (basic input/output system): The built-in software that determines what a computer can do without accessing programs from a disk. On personal computers, the BIOS contains all the code required to control the keyboard, display screen, disk drives, serial communications, and a number of miscellaneous functions.

The BIOS is typically placed in a Read-Only Memory (ROM) chip that comes with the computer (it is often called a ROM BIOS). This ensures that the BIOS will always be available and will not be damaged by disk failures. It also makes it possible for a computer to boot itself. Because Random-Access Memory (RAM) is faster than ROM, many computer manufacturers design systems so that the BIOS is copied from ROM to RAM each time the computer is booted. This is known as shadowing. Many modern PCs have flash BIOS, which means that the BIOS has been recorded on a flash memory chip that can be updated if necessary. Because a flash BIOS is writable from software, it can also be overwritten by malware, which would then run before the operating system and its antivirus program; BIOS updates should come only from the manufacturer, and a BIOS password or update-signature check should be enabled where the hardware supports it.

Breach: A breach is a condition of departure from established policies or procedures. A breach can only be understood in view of a written reference point that describes the desired condition and the link between that condition and the surveillance objectives associated with maintaining the condition. A breach is an infraction or violation of a standard, obligation, or law. A breach in data security would include any unauthorized use of data, even data without names. A breach, in its broadest sense, may be caused by an act of God, a person, or an application/system and may be malicious in nature or purely unintended. An example of a malicious breach would be if staff intentionally, but without authorization, released patient names to the public. An example of an unintended breach would be if completed HIV/AIDS case reports were inadvertently mailed to and read by an unauthorized individual. A breach does not necessarily mean that sensitive information was released to the public or that any one person was harmed. A minor infraction, like forgetting to lock a file drawer containing sensitive information (even if inside a secure area), constitutes a breach of security protocol as compared with a breach of confidentiality.

Other examples of possible breaches:

  • A hacker gains access to an internal machine via the Internet or a dial-up connection.
  • A trusted programmer introduces a program into the production environment that does not behave within expected limits.
  • A technician creates a backdoor into the operation of a system, even for positive and beneficial reasons, that alters the information protection provided.
  • After having been entered into a computerized file, confidential forms are left for removal in the standard paper waste process in an openly accessible location.

Breach of confidentiality: A security infraction that results in the release of private information with or without harm to one or more individuals.

Case-specific information: Any combination of data elements that could identify a person reported to the surveillance system. An example of case-specific information without a name might be, 'A woman with hemophilia from Whiteacre County was diagnosed with AIDS in 1997.'

Certificate: See Digital certificate.

Certification authority or certificate authority: An organization that issues digital certificates (digital IDs) and makes its public key widely available to its intended audience.

Checksum: A value used to ensure data are stored or transmitted without error. It is created by combining the binary values in a block of data with some algorithm and storing the result with the data. When the data are retrieved from memory or received at the other end of a network, a new checksum is computed and matched against the stored checksum; a nonmatch indicates an error. Just as a check digit tests the accuracy of a single number, a checksum tests a block of data. Simple checksums detect single-bit errors and some multiple-bit errors, but are not as effective as a cyclic redundancy check (CRC), which catches every error burst shorter than its width. Checksums are also used by antivirus software (Sophos, for example) to determine whether a file has changed since it was last scanned for a virus. Neither a checksum nor a CRC protects against deliberate modification, because anyone who can alter the data can recompute the value; detecting tampering requires a keyed message authentication code or a digital signature.
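
The following Python example, added here and not part of the CDC guidance, makes the distinction concrete: a sum-of-bytes checksum and a CRC-32 both catch a flipped bit, only the CRC catches a byte swap that leaves the sum unchanged, and neither catches an attacker who rewrites the record and recomputes the check value. The record is a constructed sample, not real surveillance data.

```python
"""Error detection versus tamper detection with an unkeyed check value.
Added illustration; the RECORD below is constructed for this example."""
import zlib

# Constructed sample record standing in for a block of data in transit.
RECORD = b"county=Whiteacre;year=1997;cases=1234"


def additive_checksum(data):
    """16-bit sum-of-bytes checksum, the simplest kind of check value."""
    return sum(data) & 0xFFFF


def crc32(data):
    """CRC-32 as used by ZIP, PNG and Ethernet; detects bursts up to 32 bits."""
    return zlib.crc32(data) & 0xFFFFFFFF


def flip_bit(data, bit_index):
    """Simulate a transmission error by flipping a single bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def swap_bytes(data, i, j):
    """A corruption that preserves the byte sum: swapping two bytes."""
    buf = bytearray(data)
    buf[i], buf[j] = buf[j], buf[i]
    return bytes(buf)


def detect(data, stored_sum, stored_crc):
    """Recompute both values and report which one (if any) sees a change."""
    return {
        "checksum_caught": additive_checksum(data) != stored_sum,
        "crc_caught": crc32(data) != stored_crc,
    }


def attacker_forgery(original, new_value):
    """What an attacker does to an unkeyed check value: edit, then recompute.

    Returns the forged record with matching checksum and CRC, so the
    receiver sees no mismatch.  Only a keyed MAC or a signature, whose
    secret the attacker lacks, would expose the edit."""
    forged = original.replace(b"cases=1234", new_value)
    return forged, additive_checksum(forged), crc32(forged)
```

The swap case is the general point about CRCs: because a CRC is a polynomial remainder, any error pattern narrower than the CRC width is guaranteed to be detected, whereas an additive checksum misses any change that preserves the sum.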

Ciphertext: Data that have been coded (enciphered, encrypted, encoded) for security purposes. Contrast with plaintext and cleartext.

CISSP: The Certified Information Systems Security Professional (CISSP) exam is designed to ensure that someone handling computer security for an organization or client has mastered a standardized body of knowledge. The certification was developed and is maintained by the International Information Systems Security Certification Consortium (ISC²). The exam certifies security professionals in 10 different areas:

  • Access control systems and methodology
  • Application and systems development security
  • Business continuity planning & disaster recovery planning
  • Cryptography
  • Law, investigation, and ethics
  • Operations security
  • Physical security
  • Security architecture and models
  • Security management practices
  • Telecommunications and networking security

Cleartext: Same as plaintext.

Confidential information: Any information about an identifiable person or establishment, when the person or establishment providing the data or described in it has not given consent to make that information public and was assured confidentiality when the information was provided.

Confidentiality: The protection of private information collected by the surveillance system.

Confidential record: A record containing private information about an individual or establishment.

Cookies: Data created by a Web server that are stored on a user's computer either temporarily for that session only or permanently on the hard disk (persistent cookie). Cookies provide a way for the Web site to identify users and keep track of their preferences. They are commonly used to maintain the state of the session. Each cookie carries the domain and path (the range of Uniform Resource Locators, or URLs) for which it is valid. When the Web browser or other Hypertext Transfer Protocol (HTTP) application sends a request to a Web server for those URLs again, it also sends along the related cookies. For example, if the user ID and password are stored in a cookie, it saves the user from typing the same information again when accessing that service the next time. Storing the password itself in a cookie is poor practice, however; a well-designed site stores only a random session identifier and marks the cookie Secure (sent only over HTTPS) and HttpOnly (not readable by scripts in the page). By retaining user history, cookies allow the Web site to tailor its pages and create a custom experience for that individual. A lot of personal data reside in the cookie files on the computer, and this storehouse of private information is sometimes the object of attack. A browser can be configured to refuse cookies, but turning them off entirely can limit Web site features. Browser settings typically default to allowing first-party cookies, which are generally safe because they are only sent back to the Web site that created them. Third-party cookies are riskier because they are sent to sites other than the one the user is visiting and can be used to track the user across sites. To change settings, look for the cookie options in the Options or Preferences menu within the browser.

Cookie poisoning: The modification or theft of a cookie on a user's machine by an attacker in order to obtain personal information or privileges. A cookie that logs a user on to a password-protected Web site automatically carries that user's credential (in the worst case the username and password themselves), so a thief who copies the cookie can present it from his or her own computer and enter the victim's account. A cookie whose contents are not tied to a server-side record or protected by a keyed integrity value can likewise be edited by its holder to change, for example, a stored role or account identifier.
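
The following Python example, added here and not part of the CDC guidance, contrasts the two designs just described. In the weak design the server reads the user's role straight out of the cookie, so the holder can promote himself by editing it; in the hardened design the cookie carries only an unguessable session identifier with an HMAC tag, the role lives on the server, and the Set-Cookie header carries the Secure, HttpOnly and SameSite attributes. The server key, user names and roles are assumptions made up for the example.

```python
"""Cookie poisoning: authorization state in a cookie versus a signed
session identifier.  Added illustration; SERVER_KEY, users and roles
are constructed for this example."""
import hashlib
import hmac
import secrets

# Assumed server-side secret; in practice loaded from a key store, never hard-coded.
SERVER_KEY = b"example-only-do-not-use-" + bytes(8)


def parse_cookie(cookie_header):
    """Parse the value of a 'Cookie:' request header into a dict."""
    out = {}
    for part in cookie_header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            out[name] = value
    return out


# --- Weak design: the role is whatever the cookie says it is -------------
def weak_role(cookie_header):
    return parse_cookie(cookie_header).get("role")


# --- Hardened design: opaque identifier + HMAC tag, state kept server-side
def sign_value(value):
    tag = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_value(signed):
    """Return the original value, or None if the tag is missing or wrong."""
    value, _, tag = signed.rpartition(".")
    expected = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    if not value or not hmac.compare_digest(tag, expected):  # constant-time compare
        return None
    return value


def issue_session(sessions, user, role):
    """Create a server-side session record and return the Set-Cookie header."""
    sid = secrets.token_urlsafe(32)  # 256 bits of randomness: not guessable
    sessions[sid] = {"user": user, "role": role}
    return ("Set-Cookie: session=" + sign_value(sid)
            + "; Secure; HttpOnly; SameSite=Strict; Path=/")


def hardened_role(sessions, cookie_header):
    """Look the role up on the server; an edited or forged cookie yields None."""
    signed = parse_cookie(cookie_header).get("session", "")
    sid = verify_value(signed)
    if sid is None or sid not in sessions:
        return None
    return sessions[sid]["role"]
```

Even with the HMAC, a stolen cookie still works until the session expires; the Secure and HttpOnly attributes reduce the ways it can be stolen (sniffing, script injection), and a short session lifetime limits the damage when it is.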

Cryptography: The conversion of data into a secret code for transmission over a public network. The original text, or plaintext, is converted into a coded equivalent called ciphertext via an encryption algorithm. The ciphertext is decoded (decrypted) at the receiving end and turned back into plaintext. The encryption algorithm uses a key, a binary number that for symmetric ciphers is typically from 40 to 256 bits in length; 40- and 56-bit keys are now considered too short, because the entire key space can be searched exhaustively. The greater the number of bits in the key (cipher strength), the more possible key combinations and the longer a brute-force search would take. The data are encrypted, or locked, by combining the bits in the key mathematically with the data bits. At the receiving end, the key is used to unlock the code and restore the original data.

Cryptographic key: A numeric code that is used to encrypt text for security purposes.

Data stewards: Refers to individuals responsible for the creation of the data used or stored in organizational computer systems. The data steward determines the appropriate sensitivity and classification level and reviews that level regularly for appropriateness. The data stewards have final responsibility for protecting the information assets and are responsible for ensuring the information assets under their control adhere to local policies. The data steward is one or more of the following:

  • The creator of the information
  • The manager of the creator of the information
  • The receiver of external information
  • The manager of the receiver of the external information

Data user: Anyone who routinely uses the data. Data users are responsible for following operating procedures, taking due care to protect information assets they use, and using computing resources of the department for department purposes only.

Denial of service (DoS): An attack on a computer or organization that floods the target with far more requests or traffic than it can handle (potentially millions of requests per second) or sends malformed input that triggers errors, so that the network or service slows down, fails, or shuts down for legitimate users. Because a single source rarely generates enough traffic on its own, large attacks are usually launched from many compromised ("zombie") computers recruited by worms or controlled by another organization; see Distributed denial of service.

DES (Data Encryption Standard): An algorithm that encrypts and decrypts data in 64-bit blocks, using a 64-bit key (although the effective key strength is only 56 bits, because 8 bits are parity). It takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext. Since it always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm, DES is both a block cipher and a product cipher. DES is now considered obsolete because its 56-bit key space can be searched exhaustively with modern hardware; it survives mainly as a component of Triple DES, and AES is the current standard for new systems.

Digital certificate: The digital equivalent of an ID card used in conjunction with a public key encryption system. Also called digital IDs, digital certificates are issued by a trusted third party known as a certification authority or certificate authority (CA) such as VeriSign, Inc. (www.verisign.com). The CA verifies that a public key belongs to a specific organization or individual; the certification process varies depending on the level of certification and the CA itself. Driver's licenses, notarization, and fingerprints are types of documentation that may be used. The digital certificate typically uses the X.509 format and contains CA and user information, including the user's public key. The CA signs the certificate by creating a digest, or hash, of all the fields in the certificate and encrypting the hash value with its private key; the signature is placed in the certificate. Verification of the signed certificate is done by the recipient's software, such as a Web browser or e-mail program. The software uses the widely known public key of the CA to recover the hash value from the signature, recomputes the hash from the certificate fields, and compares the two. If they match, the certificate was issued by the CA and has not been altered, so the binding between the named subject and the public key can be trusted to the extent the CA is trusted. A valid certificate alone does not prove that the party presenting it is its subject; the presenter must also demonstrate possession of the matching private key, for example by signing a challenge or a message. A signed certificate is therefore typically combined with a signed message, in which case the certificate ties the public key to an identity while the signature on the message shows who sent it and that its contents are intact. Encrypting the message ensures privacy of the content. The CA keeps its private key very secure, because if it were ever disclosed, false certificates could be created in the CA's name.

Digital signature: A digital guarantee that a file has not been altered and that it came from the holder of a particular private key, as if it were carried in an electronically sealed envelope. The signature is a digest (one-way hash) of the text message, executable, or other file, encrypted with the sender's private key. The recipient uses the sender's public key to recover the digest that was sent and recomputes the digest from the received file. If the two digests match, the file is proven to be intact and tamper free as received from the sender.

Disaster recovery: A plan for restoring computer operations after a catastrophe such as a fire or earthquake. It includes routine off-site backup as well as a procedure for activating necessary information systems in a new location. The ability to recover information systems quickly after the terrorist attacks of 9/11 proved the value of disaster recovery: many companies that had programs in place were up and running within a few days in new locations, while companies without disaster recovery systems had the most difficulty recreating their information infrastructure. For surveillance data, off-site backups hold the same confidential information as the production system and must be encrypted and kept under the same access controls.

Distributed denial of service: On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. A hacker (or cracker) begins a DDoS attack by exploiting vulnerabilities in one computer system and making it the DDoS master. It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple (sometimes thousands of) compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service. While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack including the final target and the systems controlled by the intruder.

Encryption: The manipulation or encoding of information so that only the parties intended to view the information can do so. There are many ways to encrypt information; the most commonly available systems involve public key and symmetric key cryptography. A public key system uses a mathematically paired set of keys, a public key and a private key. Information encrypted with the public key can only be decrypted with the corresponding private key, and a value produced with the private key can be checked with the public key (the basis of digital signatures). Therefore, you can safely publish the public key, allowing anyone to encrypt a message that can be read only by the holder of the private key. Presuming that the private key is known to only one authorized individual, the message is then accessible only to that individual. A symmetric key system is based on a single secret key that is shared between parties. Symmetric systems require that keys be transmitted and held securely in order to be effective, but are considered highly effective when the procedures are good and the number of individuals who possess the key is small. In general, under both systems, the larger the key, the more robust the protection, although key sizes are not comparable across systems (a 128-bit symmetric key is roughly comparable to a 3072-bit RSA key) and a key that is weakly generated or poorly stored provides no protection regardless of its size.

Encrypting File System (EFS): A feature of the Windows 2000 operating system (and later) that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent. EFS is especially useful for mobile computer users, whose computer (and files) are subject to physical theft, and for storing highly sensitive data. The EFS keys are protected by the user's logon credential, so a weak password weakens the encryption, and the recovery agent's private key should be exported and stored off the machine rather than left on the disk it is meant to protect.

FAT32 (File Allocation Table): The method that the operating system uses to keep track of files and to locate them on the disk. Even if a file is fragmented (split up into various areas on the disk), the file allocation table can still keep track of it. FAT32 is an improvement to the original FAT system, since it uses more bits to identify each cluster on the disk. This helps the computer locate files and allows for smaller clusters, which improves the efficiency of the hard disk. FAT32 supports volumes of up to two terabytes. Unlike NTFS, FAT32 has no file or directory permissions, so any user or program on the machine can read or alter any file on a FAT32 volume; confidential data should not be stored on FAT32 media without encryption.

Firewall: A method for implementing security policies designed to keep a network secure from intruders. It can be a single router that filters out unwanted packets or may comprise a combination of routers and servers each performing some type of firewall processing. Firewalls are widely used to give users secure access to the Internet as well as to separate an organization's public Web server from its internal network. Firewalls are also used to keep internal network segments secure; for example, the accounting network might be vulnerable to snooping from within the enterprise. In practice, many firewalls have default settings that provide little or no security unless specific policies are implemented by trained personnel. Firewalls installed to protect entire networks are typically implemented in hardware; however, software firewalls are also available to protect individual workstations from attack. While much effort has gone into excluding unwanted input to the internal network, less attention has been paid to monitoring what goes out. Spyware, for example, is an application that keeps track of a user's Internet browsing habits and sends those statistics to a Web site; an outbound (egress) rule can block such traffic.

The following are some of the techniques used in combination to provide firewall protection:

  • Network Address Translation (NAT): Allows one Internet Protocol (IP) address, which is shown to the outside world, to refer to many IP addresses internally, one on each client station. Performs the translation back and forth. NAT is found in routers and is built into Windows Internet Connection Sharing (ICS).
  • Packet Filter: Blocks traffic based on a specific Web address (IP address) or type of application (e-mail, File Transfer Protocol [FTP], Web, etc.), which is specified by port number. Packet filtering is typically done in a router, which is known as a screening router.
  • Proxy Server: Serves as a relay between two networks, breaking the connection between the two. Also typically caches Web pages.
  • Stateful Inspection: Tracks the transaction to ensure that inbound packets were requested by the user. Generally can examine multiple layers of the protocol stack, including the data, if required, so blocking can be made at any layer or depth.
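
The following Python example, added here and not part of the CDC guidance, shows the packet filter and stateful inspection techniques from the list above on constructed packets: a first-match rule list decides by direction, destination and port, and a connection table admits inbound packets only when they answer a connection opened from inside. The subnet, host addresses, ports and rule set are assumptions made up for the example.

```python
"""Packet filter plus stateful inspection on constructed packets.
Added illustration; addresses, ports and RULES are assumed for the example."""
from dataclasses import dataclass

DB_SERVER = "10.1.0.20"   # assumed surveillance database host
BASTION = "10.1.0.5"      # assumed administrative jump host


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False        # True for the first packet of a TCP connection
    direction: str = "in"    # "in" from the Internet, "out" from the internal net


# Stateless rules, first match wins: (direction, destination, port, action).
RULES = [
    ("out", "*", 443, "allow"),       # staff may browse HTTPS sites
    ("in", DB_SERVER, "*", "deny"),   # nothing from outside reaches the database
    ("in", BASTION, 22, "allow"),     # SSH to the bastion only
    ("*", "*", "*", "deny"),          # default deny
]


def stateless_filter(pkt):
    """A screening router's view: one packet at a time, no memory."""
    for direction, dst, dport, action in RULES:
        if (direction in ("*", pkt.direction)
                and dst in ("*", pkt.dst)
                and dport in ("*", pkt.dport)):
            return action
    return "deny"


class StatefulFirewall:
    """Remembers connections opened from inside and admits only their replies."""

    def __init__(self):
        self.table = set()  # (src, sport, dst, dport) of allowed outbound connections

    def decide(self, pkt):
        if pkt.direction == "out":
            action = stateless_filter(pkt)
            if action == "allow" and pkt.syn:
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return action
        # Inbound reply to a connection we opened: allowed without a rule.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return "allow"
        # Unsolicited inbound packet that is not a connection request
        # (e.g. an ACK scan probing the rules): drop regardless of the rules.
        if not pkt.syn:
            return "deny"
        # A genuine new inbound connection must be explicitly permitted.
        return stateless_filter(pkt)
```

The last two branches are where stateful inspection earns its keep: a stateless filter that allows port 22 to the bastion also passes crafted non-SYN packets to it, which scanners use to map the rule set, while the stateful version drops anything that does not belong to a known connection or start a permitted one.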

IETF (Internet Engineering Task Force): The body that defines standard Internet operating protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP). The IETF operates under the Internet Society with oversight from the Internet Architecture Board (IAB). It has no formal membership; participation is open to any interested individual. Standards are published in the form of Requests for Comments (RFCs).

Information security: The protection of data against unauthorized access, modification, or loss. Programs and data can be secured by issuing identification numbers and passwords to authorized users. However, systems programmers and other technically competent individuals will ultimately have access to these codes, which is why technical controls must be paired with personnel controls and audit. In addition, a password only validates that a correct value has been entered, not that the actual person entered it; biometric techniques (fingerprints, eyes, voice, etc.) bind the logon more closely to a person. The operating system checks passwords at logon to refuse unauthorized users. Database management system (DBMS) software prevents unauthorized access by assigning each user an individual view of the database. Data transmitted over networks can be secured by encryption to prevent eavesdropping. Although precautions can be taken to detect an unauthorized user, it is extremely difficult to determine whether a valid user is purposefully doing something malicious. Someone may have valid access to an account for updating, but determining whether phony numbers are entered requires more processing. The bottom line is that effective security measures are always a balance between technology and personnel management.

IPSec (Internet Protocol Security): A suite of security protocols from the IETF that provides authentication and encryption for IP traffic. Unlike Secure Sockets Layer (SSL), which runs above the transport layer and secures a single application connection, IPSec works at layer 3 and secures all traffic between the protected endpoints, for Web and non-Web applications alike, whereas SSL requires a workaround for non-Web uses such as file sharing and backup. SSL is typically built into the Web browser; IPSec is implemented in the operating system's network stack (current operating systems include it, although older ones required a separate client). IPSec is part of the IPv6 specification and is widely used for virtual private networks (VPNs) on the Internet.

Kerberos: A security system developed at the Massachusetts Institute of Technology that authenticates users. It does not provide authorization to services or databases; it establishes identity at logon, in the form of time-limited tickets issued by a trusted key distribution center, which are then used throughout the session. Because tickets are time-limited, the clocks of participating systems must be synchronized, and the key distribution center must be well protected since it holds every principal's key.

Key: See Cryptographic key.

Keystroke logger: A program or hardware device that captures every key depression on the computer. Also known as keystroke cops, they are used to monitor an employee's activities by recording every keystroke the user makes, including typos, backspacing, and retyping. Because a keystroke logger captures passwords as they are typed, one planted on a workstation defeats password-only authentication, which is one reason for a second authentication factor and for restricting what software and devices can be attached to workstations that handle surveillance data.

LAN (Local Area Network): Any computer network technology that operates at high speed over short distances (up to a few thousand meters). A LAN may refer to the network in a given department, firm, or campus. It differs from networks that cross wider geographic spaces, such as a wide area network (WAN). Unlike a virtual private network, which tunnels across the public Internet, a LAN is confined to private wiring and equipment.

Management controls: Controls that include policies for operating information technology resources and for authorizing the capture, processing, storage, and transmission of various types of information. They also may include training of staff, oversight, and appropriate and vigorous response to infractions.

Need-to-know access: Under exceptional circumstances that are not stipulated in program policies, the case-by-case granting or denying of authorized access to case-specific information. This type of access is not routine; but rather it is for unusual situations and occurs only after careful deliberation by the ORP in concurrence with other public health professionals.

NIST (National Institute of Standards and Technology): The standards-defining agency of the U.S. government, headquartered in Gaithersburg, Maryland; formerly the National Bureau of Standards. See http://www.nist.gov.

Nonpublic health uses of surveillance data: The release of data that are either directly or indirectly identifying to the public; to parties involved in civil, criminal, or administrative litigation; to nonpublic health agencies of the federal, state, or local government; or for commercial uses.

NTFS (NT File System): One of the file systems for the Windows NT operating system (and later). Windows NT also supports the FAT file system. NTFS has features to improve reliability, such as transaction logs to help recover from disk failures. To control access to files, you can set permissions for directories and/or individual files. NTFS volumes are not accessible from DOS, but they can be read by other operating systems (a disk removed from its machine, or a machine booted from a live CD, can be read without any Windows permission check), so NTFS permissions protect data only while Windows itself is enforcing them; data that must survive physical theft of the disk should be encrypted as well (see Encrypting File System). For large applications, NTFS supports spanning volumes, which means files and directories can be spread out across several physical disks.

Overall Responsible Party (ORP): The official who accepts overall responsibility for implementing and enforcing these security standards and who may be liable for breach of confidentiality. The ORP should be a high-ranking public health official, for example, the division director or department chief over HIV/AIDS surveillance. This official should have the authority to make decisions about surveillance operations that may affect programs outside the HIV/AIDS surveillance unit and should serve as one of the contacts for public health professionals and the HIV-affected community on policies and practices associated with HIV/AIDS surveillance. The ORP is responsible for protecting HIV/AIDS surveillance data as they are collected, stored, analyzed, and released and must certify annually that all security program requirements are being met. The state's security policy must indicate the ORP by name.

Patch management: The installation of patches from a software vendor onto an organization's computers. Patching thousands of PCs and servers is a major issue. A patch should be applied to test machines first before deployment, and the testing environments must represent all the users' PCs with their unique mix of installed software.

Personal identifier: A datum, or collection of data, that allows the possessor to determine the identity of a single individual with a specified degree of certainty. A personal identifier may permit the identification of an individual within a given database. Bits of study data, when taken together, may be used to identify an individual. Therefore, when assembling or releasing databases, it is important to be clear which fields, either alone or in combination, could be used to such ends, and which controls provide an acceptable level of security.
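
The following Python example, added here and not part of the CDC guidance, does the check the preceding paragraph calls for and ties it back to the Aggregated data entry: given a table of case records, it cross-tabulates each candidate combination of fields, reports the combinations that produce a cell with fewer cases than a threshold (the "1 case among American Indians" situation), and suppresses such cells before release. The records and the threshold of 5 are constructed assumptions; surveillance programs set their own release rules.

```python
"""Small-cell check over combinations of quasi-identifying fields.
Added illustration; RECORDS and MIN_CELL are constructed for this example."""
from collections import Counter
from itertools import combinations

MIN_CELL = 5  # assumed suppression threshold; programs set their own


def _make(county, race, n):
    """Build n constructed case records with the given county and race."""
    return [{"county": county, "year": 1997, "race": race} for _ in range(n)]


# Constructed sample table: race alone is never rare, county x race is.
RECORDS = (_make("Whiteacre", "Hispanic", 6)
           + _make("Whiteacre", "American Indian", 5)
           + _make("Blackacre", "Hispanic", 6)
           + _make("Blackacre", "American Indian", 1))


def cell_counts(records, fields):
    """Cross-tabulate the records by the given fields."""
    return Counter(tuple(r[f] for f in fields) for r in records)


def small_cells(records, fields, threshold=MIN_CELL):
    """Value combinations that occur fewer than `threshold` times."""
    return {k: v for k, v in cell_counts(records, fields).items() if v < threshold}


def risky_field_sets(records, fields, threshold=MIN_CELL, max_size=None):
    """Every subset of `fields` whose cross-tabulation contains a small cell.

    Each returned subset is a combination that, alone or with outside
    knowledge, could point to a single individual and so must not be
    released in full detail."""
    max_size = max_size or len(fields)
    risky = []
    for k in range(1, max_size + 1):
        for subset in combinations(fields, k):
            if small_cells(records, subset, threshold):
                risky.append(subset)
    return risky


def safe_table(records, fields, threshold=MIN_CELL):
    """Aggregate counts with cells below the threshold suppressed (None)."""
    return {k: (v if v >= threshold else None)
            for k, v in cell_counts(records, fields).items()}
```

Suppressing a single cell is not always enough: if the county total is published alongside the table, the suppressed count can be recovered by subtraction, so a second (complementary) cell in the same row usually has to be suppressed or the categories combined.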

Personnel controls: Staff member controls such as training, separation of duties, background checks of individuals, etc. Compare to physical and technical access controls.

PHIN MS (Public Health Information Network Messaging System): A generic, standards-based, interoperable, and extensible message transport system. It is platform-independent and loosely coupled with systems that produce outgoing messages or consume incoming messages.

Physical access controls: Controls involving barriers, such as locked doors, sealed windows, password-protected keyboards, entry logs, guards, etc. Compare to personnel and technical access controls.

PKI (Public Key Infrastructure): A secure method for exchanging information within an organization, an industry, a nation, or worldwide. A PKI uses the asymmetric encryption method (also known as the public/private key method) for encrypting IDs and documents/messages. Also, see Cryptography. It starts with the certificate authority (CA), which issues digital certificates (digital IDs) that authenticate the identity of people and organizations over a public system such as the Internet. The PKI can also be implemented by an enterprise for internal use to authenticate users that handle sensitive information. In this case, the enterprise is its own CA. The PKI also establishes the encryption algorithms, levels of security, and distribution policy to users. It not only deals with signed certificates for identity authentication, but also with signed messages, which ensures the integrity of the message so the recipient knows it has not been tampered with. The PKI also embraces all the software (browsers, e-mail programs, etc.) that supports the process by examining and validating the certificates and signed messages.

Plaintext: Normal text that has not been encrypted and is readable by text editors and word processors. Contrast with ciphertext.

Private key: The private part of a two-part, public key cryptography system. The private key is kept secret and never transmitted over a network.

Project areas: HIV/AIDS surveillance sites that are directly funded by CDC. The HIV/AIDS surveillance project areas are the 50 states, the District of Columbia, San Francisco, Los Angeles, Chicago, Houston, New York City, Philadelphia, Puerto Rico, U.S. Virgin Islands, Guam, American Samoa, the Republic of the Marshall Islands, the Commonwealth of the Northern Mariana Islands, the Republic of Palau, and the Federated States of Micronesia.

Provider: Any source of HIV/AIDS surveillance information, such as a physician, nurse, dentist, pharmacist, or other professional provider of health care or a hospital, health maintenance organization, pharmacy, laboratory, STD clinic, TB clinic, or other health care facility that forwards data into the surveillance system.

Public health uses of surveillance data: The principal public health use of HIV/AIDS surveillance at state and federal levels is for epidemiologic monitoring of trends in disease incidence and outcomes. This includes collection of data and evaluation of the collection system, as well as the reporting of aggregate trends in incidence and prevalence by demographic, geographic, and behavioral risk characteristics to assist the formulation of public health policy and direct intervention programs.

Surveillance data may be used for public health and epidemiologic research. Data that include names may be collected and released to public health officials on individual cases or clusters of cases of HIV/AIDS that are of particular epidemiologic or public health significance, such as those associated with new or unusual modes of HIV transmission, the detection of unusual strains of HIV, or the occurrence of unusual laboratory or clinical profiles. Analysis of these data may result in the formulation of public health recommendations for standards of diagnosis and treatment of HIV/AIDS and for preventing HIV transmission. However, when such data are released or reported to persons not having role-based or need-to-know access, information shall be presented in such a way as to preclude direct or indirect identification of individuals (e.g., by obscuring geographic or institutional affiliations).

The use of surveillance data to prompt follow-up by health departments with individual patients or their health care providers may constitute legitimate public health practice. Where the health department functions as the primary provider of care for persons who seek HIV counseling and testing, diagnosis and treatment of STDs, or medical and social services, health department staff may interact directly with their clients, independently of the health department's role in monitoring epidemiologic trends in the incidence of HIV/AIDS. Where states or local communities determine that health departments should offer referrals to services for persons whose names are reported to the HIV/AIDS surveillance system and who are not primarily health department clients, and where the surveillance data serve as the source of identification of such individuals, health departments should establish standards and principles for such practice in collaboration with providers and community partners. This helps ensure that security and confidentiality protections are in place.

Public key: The published part of a two-part, public key cryptography system. The private part is known only to the owner.

Quality improvement: Activities to enhance the performance level of a process. Quality improvement efforts involve measurement of the current level of performance, development of methods to raise that level, and implementation of those methods.

RAM (Random-Access Memory): A type of computer memory that can be accessed randomly; that is, any byte of memory can be accessed without touching the preceding bytes. RAM is the most common type of memory found in computers and other devices, such as printers. There are two basic types of RAM, dynamic RAM (DRAM) and static RAM (SRAM).

The two types differ in the technology they use to hold data, dynamic RAM being the more common type. Dynamic RAM needs to be refreshed thousands of times per second. Static RAM does not need to be refreshed, which makes it faster; but it is also more expensive than dynamic RAM. Both types of RAM are volatile, meaning that they lose their contents when the power is turned off.

Records retention policy: Assigning a length of time and date to paper or electronic records to establish when they should be archived or destroyed.

Risk: In the context of system security, the likelihood that a specific threat will exploit certain vulnerabilities and the resulting effect of that event. A thorough and accurate risk analysis would consider all relevant losses that might be expected if security measures were not in place. Relevant losses can include losses caused by unauthorized uses and disclosures and loss of data integrity that would be expected to occur absent the security measures. One of the reasonable risks that are identifiable is that someone could inadvertently or purposely make an unauthorized change to data that could affect patient care. Another reasonable integrity risk is that data may be lost or modified in transmission. Software bugs, viruses and worms, hardware malfunctions, and natural disasters such as fire or flood also can compromise data integrity.

Risk management: The optimal allocation of resources to arrive at a cost-effective investment in defensive measures for minimizing both risk and costs in a particular organization.

Role-based access: Access to specific information or data granted or denied by the ORP depending on the user's job status or authority. Roles typically group users by their work function. This control mechanism protects data and system integrity by preventing access to unauthorized applications. In addition, defining access based on roles within an organization, rather than by individual users, simplifies an organization's security policy and procedures. Compare to need-to-know access.

ROM (Read-Only Memory): Computer memory on which data have been prerecorded. Once data have been written onto a ROM chip, they cannot be removed and can only be read. Unlike main memory (RAM), ROM retains its contents even when the computer is turned off. ROM is referred to as being nonvolatile, whereas RAM is volatile.

Most personal computers contain a small amount of ROM that stores critical programs such as the program that boots the computer. In addition, ROM is used extensively in calculators and peripheral devices such as laser printers, whose fonts are often stored in ROM. A variation of a ROM is a PROM (programmable read-only memory). PROMs are manufactured as blank chips on which data can be written with a special device called a PROM programmer.

RSA (Rivest-Shamir-Adleman): A highly secure cryptography method by RSA Security, Inc., Bedford, MA (www.rsa.com). It uses a two-part key. The private key is kept by the owner; the public key is published.

Data are encrypted by using the recipient's public key, which can only be decrypted by the recipient's private key. RSA is very computation intensive; thus it is often used to create a digital envelope, which holds an RSA-encrypted DES key and DES-encrypted data. This method encrypts the secret DES key so that it can be transmitted over the network, but encrypts and decrypts the actual message using the much faster DES algorithm.

RSA is also used for authentication by creating a digital signature. In this case, the sender's private key is used for encryption, and the sender's public key is used for decryption. See Digital signature.

The RSA algorithm is also implemented in hardware. As RSA chips get faster, RSA encoding and decoding add less overhead to the operation.
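The digital envelope and digital signature described in this entry, as an added example (not part of the CDC guidance or of RSA Security's software): a fresh DES key is RSA-encrypted for the recipient, the data are DES-encrypted under that key, and the ciphertext is signed with the sender's private key so the recipient can authenticate it with the sender's public key. OAEP for key wrapping, PKCS #1 v1.5 signatures, and CTR mode with a random nonce are my assumed choices; the glossary names none of them, and DES is kept only because the entry describes it (a current design would use AES).

```go
package main

import (
	"crypto"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the digital envelope the glossary describes: a DES key wrapped with
// the recipient's RSA public key, the data encrypted under that DES key, and an
// RSA signature made with the sender's private key so the recipient can authenticate it.
type Envelope struct{ WrappedKey, IV, Ciphertext, Signature []byte }

// Seal encrypts msg for the recipient and signs the ciphertext as the sender.
func Seal(msg []byte, recipient *rsa.PublicKey, sender *rsa.PrivateKey) (*Envelope, error) {
	key, iv := make([]byte, 8), make([]byte, des.BlockSize) // fresh secret DES key and nonce
	if _, err := rand.Read(key); err != nil { return nil, err }
	if _, err := rand.Read(iv); err != nil { return nil, err }
	block, err := des.NewCipher(key) // the fast symmetric step protects the bulk data
	if err != nil { return nil, err }
	ct := make([]byte, len(msg))
	cipher.NewCTR(block, iv).XORKeyStream(ct, msg) // CTR mode needs no padding (assumed choice)
	// The slow RSA step is applied only to the 8-byte DES key (OAEP padding is an assumed choice).
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil { return nil, err }
	digest := sha256.Sum256(ct) // the signature covers a hash of the ciphertext
	sig, err := rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA256, digest[:])
	if err != nil { return nil, err }
	return &Envelope{wrapped, iv, ct, sig}, nil
}

// Open verifies the signature with the sender's public key, then unwraps the DES
// key with the recipient's private key and decrypts. Tampering fails the first check.
func Open(env *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(env.Ciphertext)
	if err := rsa.VerifyPKCS1v15(sender, crypto.SHA256, digest[:], env.Signature); err != nil {
		return nil, fmt.Errorf("envelope rejected: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil { return nil, err }
	block, err := des.NewCipher(key)
	if err != nil { return nil, err }
	pt := make([]byte, len(env.Ciphertext))
	cipher.NewCTR(block, env.IV).XORKeyStream(pt, env.Ciphertext)
	return pt, nil
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Seal([]byte("constructed test message"), &recipient.PublicKey, sender)
	pt, err := Open(env, recipient, &sender.PublicKey)
	fmt.Println(string(pt), err) // the recovered message, then <nil>
}
```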

Sanitize: Also known as disk wiping, sanitizing is the act of destroying the deleted information on a hard disk or floppy disk to ensure that all traces of the deleted files are unrecoverable. Software programs that can successfully sanitize a diskette are available.

Script kiddie: A person who uses scripts and programs developed by others for the purpose of compromising computer accounts and files, and launching attacks on whole computer systems; in general, these persons do not have the ability to write said programs on their own. Normally, this person is someone who is not technologically sophisticated and who randomly seeks out a specific weakness over the Internet to gain root access to a system without really understanding what is being exploited because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific organization, but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.

Secret key cryptography: Using the same secret key to encrypt and decrypt messages. The problem with this method is transmitting the secret key to a legitimate person who needs it.

Secured area: The physical confinement limiting where confidential HIV/AIDS surveillance data are available. Only authorized staff have access to this area. The secured area usually is defined by hard, floor-to-ceiling walls with a locking door and may include other measures (e.g., alarms, security personnel).

Security: The protection of surveillance data and information systems, with the purposes of

  • preventing unauthorized release of identifying surveillance information or data from the systems (e.g., preventing a breach of confidentiality) and
  • protecting the integrity of the data by preventing accidental data loss or damage to the systems.

Security includes measures to detect, document, and counter threats to the confidentiality or integrity of the systems.

Server farm: A group of network servers that are housed in one location. A server farm provides bulk computing for specific applications such as Web site hosting; in contrast, although a data center has many servers, it also has people. In a server farm, a user would generally only see a technician when an installation or a repair was performed; whereas in the data center, operators would be sitting at consoles, putting paper in printers, and possibly moving disks and tapes from one place to another. A server farm is typically a room with dozens, hundreds, or even thousands of rack-mounted servers humming away. They might all run the same operating system and applications and use load balancing to distribute the workload between them.

Smart cards: A credit-card-sized card with a built-in microprocessor and memory used for identification or financial transactions. When inserted into a reader, it transfers data to and from a central computer. It is more secure than a magnetic stripe card and can be programmed to self-destruct if the wrong password is entered too many times. As a financial transaction card, it can be loaded with digital money and used like a traveler's check, except that variable amounts of money can be spent until the balance is zero.

Spyware: Software that sends information about Web surfing habits to its Web site. Often quickly installed on a computer in combination with a free download purposefully selected from the Web, spyware (also known as parasite software or scumware) transmits information in the background as a user moves around the Web.

The license agreement may or may not clearly indicate what the software does. It may state that the program performs anonymous profiling, which means that a user's browsing habits are being recorded. Such software is used to create marketing profiles. For example, a person who accesses Web site A, often accesses Web site B and so on. Spyware can be clever enough to deliver competing products in real time. For example, if a user accesses a Web page to look for a minivan, an advertisement for a competitor's minivan might pop up.

Spyware organizations argue that as long as they are not recording names and personal data, but treat the user as a numbered individual who has certain preferences, they are not violating a person's right to privacy. Nevertheless, many feel their privacy has been violated. The bottom line is that once users detect a spyware program on their computer, it can be eliminated, albeit sometimes with much difficulty. The downside is that people can become suspicious of every piece of software they install.

SSL (Secure Sockets Layer): The leading security protocol on the Internet. When an SSL session is started, the server sends its public key to the browser; the browser uses that key to encrypt a randomly generated secret key, which it sends back to the server, completing a secret key exchange for that session. Developed by Netscape, SSL has been merged with other protocols and authentication methods by the IETF into a new protocol known as Transport Layer Security (TLS).

Super user: Someone with the highest level of user privilege, who can allow unlimited access to a system's files and settings. Usually, super user is the highest level of privilege for applications, as opposed to operating systems or network systems. A super user could destroy the organization's systems maliciously or simply by accident.

Surveillance: The ongoing and systematic collection (on paper or electronically), analysis, and interpretation of health data in the process of describing and monitoring a health event. This information is used for planning, implementing, and evaluating public health interventions.

Surveillance data: Statistics generated from disease surveillance in either paper or electronic format.

Surveillance information: Details collected on an individual or individuals for completing routine or special surveillance investigations. Examples of HIV/AIDS surveillance information are the HIV/AIDS report forms, ancillary notes about risk investigations and related questionnaires, notes about suspect cases, laboratory reports, ICD9/10 line lists, discharge summaries, death certificates, and drug data stores.

Symmetric encryption: Same as secret key cryptography.

Technical access controls: Controls involving technology, such as requirements for password use and change, audit of the electronic environment, access to data controlled through known software tools, and control over introduction of changes to the information technology environment (hardware, software, utilities, etc.). Compare to personnel and physical access controls.

Trojan horse: A program that appears legitimate, but performs some illicit activity when it is run. It may be used to locate password information, make the system more vulnerable to future entry, or simply destroy programs or data on the hard disk. A Trojan horse is similar to a virus, except that it does not replicate itself. It stays in the computer doing its damage or allowing somebody from a remote site to take control of the computer. Trojans often sneak in attached to a free game or other utility.

Two-factor authentication: The use of two independent mechanisms for authentication; for example, requiring a smart card and a password. The combination is less likely to allow abuse than either component alone.

Virus: A type of program first written by Fred Cohen in 1983; the term was coined in a 1984 research paper. A virus is a software program, script, or macro that has been designed to infect, destroy, modify, or cause other problems with a computer or software program. Installing an antivirus protection program can help prevent viruses.

VPN (Virtual Private Network): A network that is connected to the Internet, but uses encryption to scramble all the data sent through the Internet so the entire network is "virtually" private.

Vulnerability: A security exposure in an operating system or other system software or application software component. Security firms maintain databases of vulnerabilities based on version number of the software. Any vulnerability can potentially compromise the system or network if exploited. For a database of common vulnerabilities and exposures, visit http://icat.nist.gov/icat.cfm

WAN (Wide Area Network): A network of computers that can span hundreds or thousands of miles. Unlike intranets and virtual private networks, a WAN does not use public Internet arteries and is isolated from the public domain.

Zombie: A computer system that has been covertly taken over to transmit phony messages that slow down service and disrupt the network. A pulsing zombie sends bogus messages in periodic bursts rather than continuously.

Last Modified: February 16, 2006
Last Reviewed: February 16, 2006
Content Source:
Divisions of HIV/AIDS Prevention
National Center for HIV/AIDS, Viral Hepatitis, STD, and TB Prevention
Centers for Disease Control and Prevention, 1600 Clifton Rd, Atlanta, GA 30333, USA
800-CDC-INFO (800-232-4636) TTY: (888) 232-6348, 24 Hours/Every Day - cdcinfo@cdc.gov