Glossary of Terms - Executive Summary
Glossary of Terms for Trendzact Solutions
© 2024 Trendzact Inc.
Trademark Rights Statement
All product names, logos, and brands mentioned in this document are the property of their respective owners. Use of these names, logos, and brands does not imply endorsement. “Trendzact” and other related trademarks, service marks, and logos used in this document are registered and unregistered trademarks of Trendzact Inc. All other trademarks cited herein are the property of their respective owners. Unauthorized use of any trademarks appearing in this document is strictly prohibited.
Trendzact Terms (Glossary Terms “A-Z” follow below)
Trendzact Clear Desk Compliance Workspace Monitoring – A service that ensures workspaces comply with clear desk policies by monitoring the physical environment to detect any unsecured documents or potential security risks.
Trendzact Face Auth – An advanced facial recognition authentication system that ensures only authorized users can access specific systems and data, enhancing security within a Zero Trust framework.
Trendzact GRC One – A comprehensive Governance, Risk, and Compliance solution that integrates multiple security functions such as Continuous Identity Verification, Clear Desk Compliance, and User Activity Monitoring to ensure secure and compliant work environments.
Trendzact Multimonitor Screen Recording – A multi-display screen recording tool that records user activities across multiple monitors, either continuously or when a violation is triggered, to provide comprehensive oversight and support compliance and security, especially in environments where sensitive data is accessed or managed.
Trendzact Panoramic Workspace Webcam – A 160+ degree field of view camera designed for comprehensive monitoring of workspaces, ensuring compliance with security protocols and clear desk policies.
Trendzact UEBA vs EUBA – UEBA prioritizes user behavior first, then considers the behavior of entities. This is particularly valuable in environments where human actions, such as employee interactions with data, are the primary concern. EUBA often prioritizes the behavior of non-human entities first, which can be more useful in heavily automated environments where machine behavior is more critical. Trendzact opts for UEBA because its solutions focus heavily on monitoring user activities within workspaces, whether onsite or remote. Since human behavior is often the weakest link in cybersecurity, especially concerning insider threats and compliance violations, UEBA is better suited to detect and respond to risky actions taken by users. By prioritizing user behavior, Trendzact’s UEBA approach helps ensure that any deviation from normal user patterns is quickly identified and addressed, thus enhancing the security and integrity of the workspace.
Trendzact User Activity Monitoring – A service that monitors and records user activities including location, unattended applications, and digital interactions to prevent unauthorized actions and maintain security compliance.
Trendzact Workspace vs. Workstation – A Workspace refers to the overall environment where work is done, including desks, chairs, computers, and personal items. A Workstation refers specifically to a single computer setup that an employee uses to perform their tasks. Workspace management involves securing the entire environment, while workstation management focuses on securing individual computers.
Glossary Terms “A-Z”
Active Directory (AD) – A Microsoft service that helps manage and control access to network resources like computers and users in a company. It acts as a digital directory ensuring that only authorized individuals can access certain areas or information.
AD – see Active Directory
AD GPO – see Group Policy Object
AICPA – see American Institute of Certified Public Accountants
Amazon Web Services (AWS) – A comprehensive and widely used cloud computing platform provided by Amazon. AWS offers a variety of services including computing power, storage options, networking capabilities, and tools for machine learning, analytics, and security.
American Institute of Certified Public Accountants (AICPA) – The national professional organization for Certified Public Accountants (CPAs) in the United States. The AICPA sets ethical standards, auditing procedures, and provides guidance for the accounting profession. It is also responsible for establishing and maintaining the criteria for SOC (System and Organization Controls) reports, including SOC 2, which evaluates an organization’s controls relevant to security, availability, processing integrity, confidentiality, and privacy. The AICPA’s framework for SOC 2 ensures that organizations manage customer data securely and maintain trust with their clients.
Anomaly Detection (in UEBA) – A key feature of User and Entity Behavior Analytics (UEBA) that identifies behaviors or activities that deviate from established patterns or norms within a network. Anomaly detection works by continuously monitoring user and entity actions, comparing them against a “normal” baseline. When the system detects behaviors that are unusual or unexpected—such as accessing sensitive data at odd hours or from unusual locations—it flags them as potential security threats. This helps in identifying insider threats, compromised accounts, or any other malicious activities that traditional security measures might miss.
Autonomous Monitoring and Remediation – A system where monitoring tools automatically detect, analyze, and address potential security threats without human intervention. For example, if an unauthorized device is detected in a workspace, the system might automatically block access to sensitive data.
AWS – see Amazon Web Services
AWS Six Pillars – A set of best practices from Amazon Web Services (AWS) that help organizations design and maintain secure, reliable, and efficient systems. These guidelines focus on operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.
AWS Virtual Private Cloud (AWS VPC) – A private, logically isolated section of the AWS public cloud that allows companies to operate as if they have their own isolated network.
AWS VPC – see AWS Virtual Private Cloud
Baseline (in UEBA) – The standard or “normal” pattern of behavior that is established over time by monitoring users and entities within a network. The baseline includes typical actions, frequencies, locations, and times for each user or entity. UEBA systems use this baseline to differentiate between regular behavior and potential threats. By understanding what constitutes “normal” activity, the system can more accurately detect anomalies that might indicate a security incident, such as unauthorized access or data exfiltration.
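As an added illustration of how the Anomaly Detection and Baseline entries fit together (example code written for this glossary, not Trendzact’s software or any real UEBA product): a per-user baseline is learned from observed events (hours, locations, actions), and later events are scored against it. The event records and the field names are constructed for the example; the one-hour slack around the observed working hours is an assumed tuning parameter.

```python
"""Toy UEBA-style anomaly detection: learn a per-user baseline, then flag deviations."""

# Constructed training events: (user, hour_of_day, location, action). Not real log data.
BASELINE_EVENTS = [
    ("alice", 9, "office-nyc", "read"),
    ("alice", 10, "office-nyc", "read"),
    ("alice", 14, "office-nyc", "read"),
    ("alice", 16, "office-nyc", "read"),
    ("bob", 8, "remote-home", "read"),
    ("bob", 12, "remote-home", "write"),
    ("bob", 17, "remote-home", "read"),
]

# Constructed events to evaluate against the learned baseline.
NEW_EVENTS = [
    ("alice", 10, "office-nyc", "read"),   # matches alice's baseline
    ("alice", 3, "office-nyc", "read"),    # 03:00 is far outside alice's hours
    ("alice", 11, "cafe-lisbon", "read"),  # location never seen for alice
    ("bob", 12, "remote-home", "export"),  # action never seen for bob
    ("carol", 9, "office-nyc", "read"),    # no baseline exists for carol
]


def build_baseline(events):
    """Summarise each user's observed hours, locations and actions into a profile."""
    baseline = {}
    for user, hour, location, action in events:
        profile = baseline.setdefault(
            user, {"hours": [], "locations": set(), "actions": set()}
        )
        profile["hours"].append(hour)
        profile["locations"].add(location)
        profile["actions"].add(action)
    return baseline


def score_event(baseline, event, hour_slack=1):
    """Return the reasons an event deviates from the user's baseline (empty list = normal).

    hour_slack (assumed tuning value) widens the observed hour range on each side so
    that working slightly early or late is not reported as an anomaly.
    """
    user, hour, location, action = event
    profile = baseline.get(user)
    if profile is None:
        # A user with no history cannot be compared; surface that explicitly
        # rather than silently treating the activity as normal.
        return ["no baseline for user"]
    reasons = []
    lo = min(profile["hours"]) - hour_slack
    hi = max(profile["hours"]) + hour_slack
    if not lo <= hour <= hi:
        reasons.append(f"unusual hour {hour:02d}:00 (baseline {lo:02d}-{hi:02d})")
    if location not in profile["locations"]:
        reasons.append(f"unusual location {location}")
    if action not in profile["actions"]:
        reasons.append(f"unusual action {action}")
    return reasons


def detect_anomalies(baseline, events):
    """Return (event, reasons) for every event that deviates from the baseline."""
    flagged = []
    for event in events:
        reasons = score_event(baseline, event)
        if reasons:
            flagged.append((event, reasons))
    return flagged


if __name__ == "__main__":
    learned = build_baseline(BASELINE_EVENTS)
    for event, reasons in detect_anomalies(learned, NEW_EVENTS):
        print(event, "->", "; ".join(reasons))
```

Each flagged event carries the reasons it deviated, which is what an analyst needs to triage it; a real deployment would replace the fixed hour window and set membership with statistical thresholds and would keep refreshing the baseline as behaviour legitimately changes.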
BPO – see Business Process Outsourcing
Business Process Outsourcing (BPO) – The practice of contracting business tasks, such as customer service or accounting, to a third-party provider to save time and reduce costs.
Clear Desk Workspace Compliance – A policy requiring workspaces to be free of unsecured, sensitive information when not in use, ensuring a higher level of security. This means no papers with private details left on desks when employees leave their work areas.
Compliance – The process of ensuring that an organization adheres to laws, regulations, industry standards, and internal policies. Compliance involves monitoring and enforcing these requirements to prevent legal issues, financial penalties, or reputational damage. It includes maintaining up-to-date knowledge of applicable rules, training employees on compliance-related matters, and implementing systems to track and report compliance activities.
Continuous Identity Verification – A security process that constantly verifies the identity of users in real-time using methods like facial recognition and Multi-Factor Authentication (MFA) to prevent unauthorized access.
Data Breach Notification (in the context of GDPR) – A requirement under GDPR that mandates organizations to notify the relevant supervisory authority of a data breach within 72 hours of becoming aware of it, if the breach is likely to result in a risk to the rights and freedoms of individuals. In certain cases, the organization must also notify the affected data subjects without undue delay. The notification must include the nature of the breach, the likely consequences, and the measures taken or proposed to address the breach.
Data Controller – An entity that determines the purposes and means of processing personal data. Under GDPR, the data controller is responsible for ensuring compliance with data protection regulations.
Data Loss Prevention (DLP) – A set of tools and strategies designed to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.
Data Processing Addendum (DPA, in the context of GDPR) – A legally binding contract that is added to an existing agreement between a data controller and a data processor, ensuring that the processing of personal data complies with data protection laws, such as the GDPR. The DPA outlines the responsibilities and obligations of both parties, including how data should be processed, protected, and handled, as well as stipulations regarding data breaches, data transfer, and the rights of data subjects. This addendum is essential for maintaining compliance with privacy regulations when personal data is processed by third parties.
Data Processor – An entity that processes personal data on behalf of a data controller. Data processors are bound by the terms of the Data Processing Addendum (DPA) to handle data in compliance with GDPR.
Data Protection Authority (DPA, in the context of GDPR) – An independent public authority responsible for overseeing the enforcement of data protection laws within a specific country or jurisdiction. DPAs ensure that organizations comply with regulations like GDPR, handle complaints from data subjects, conduct investigations, and issue fines or corrective measures for non-compliance. Each EU Member State has its own DPA that works in coordination with other DPAs across the EU to enforce GDPR consistently.
Data Protection Impact Assessment (DPIA, in the context of GDPR) – A process required under GDPR for organizations to assess the impact of data processing activities on the privacy rights of individuals, particularly when those activities pose a high risk. A DPIA involves identifying potential privacy risks, evaluating their severity, and implementing measures to mitigate them. The assessment helps organizations ensure compliance with GDPR and protect the rights and freedoms of data subjects by proactively addressing privacy concerns.
Data Subject – An individual whose personal data is collected, stored, or processed by an organization. Under data protection laws like the General Data Protection Regulation (GDPR), a data subject has certain rights over their personal information, including the right to access, correct, or request the deletion of their data. Organizations must handle the data subject’s information with care, ensuring it is protected and used in compliance with relevant regulations.
Data Subject Rights (in the context of GDPR) – The rights granted to individuals under GDPR regarding their personal data.
DLP – see Data Loss Prevention
DPA – see Data Processing Addendum or Data Protection Authority
Edge Compute – Technology that processes data closer to where it is created, reducing delays and increasing efficiency. It’s like having a mini-data center nearby rather than relying on a distant one.
Entity and User Behavior Analytics (EUBA) – Similar to UEBA, EUBA also focuses on analyzing the behavior of entities and users within a network. However, EUBA typically places more emphasis on the behavior of non-human entities (like devices or systems) first, followed by user behaviors. This approach is particularly useful in environments where machine interactions are more frequent or critical than human interactions.
EU GDPR – see General Data Protection Regulation
EUBA – see Entity and User Behavior Analytics
Face (Facial) Recognition Authentication – A security feature that uses facial recognition to ensure only authorized people can access certain systems or information, like a digital ID check every time you log in.
GDPO – see Global Data Protection Officer
GDPR – see General Data Protection Regulation
GDPR DSR – see Data Subject Rights
GDPR DSR Right to Access – Individuals can request and obtain a copy of their personal data held by an organization.
GDPR DSR Right to Data Portability – Individuals can receive their personal data in a structured, commonly used format and transfer it to another data controller.
GDPR DSR Right to Erasure (Right to be Forgotten) – Individuals can request the deletion of their personal data under certain conditions.
GDPR DSR Right to Object – Individuals can object to the processing of their personal data, particularly for direct marketing purposes.
GDPR DSR Right to Rectification – Individuals can request corrections to inaccurate or incomplete data.
GDPR DSR Right to Restrict Processing – Individuals can limit how their data is processed in certain situations.
GDPR DSR Rights related to Automated Decision-Making and Profiling – Individuals can request human intervention in decisions made solely by automated processes that significantly affect them.
General Data Protection Regulation (EU GDPR) – A comprehensive data protection law enacted by the European Union (EU) that regulates how organizations collect, process, and store personal data of individuals within the EU. GDPR aims to give individuals greater control over their personal data and imposes strict requirements on organizations, including obtaining explicit consent for data processing, ensuring data security, and reporting data breaches within 72 hours. Non-compliance with GDPR can result in substantial fines and penalties.
Global Data Protection Officer (GDPO) – A senior-level official responsible for overseeing an organization’s data protection strategy and ensuring compliance with data protection laws across multiple jurisdictions, including GDPR. The GDPO is tasked with implementing and managing policies and procedures to protect personal data, conducting regular audits, providing training to staff, and serving as a point of contact between the organization, regulatory authorities, and data subjects. The role is critical in ensuring that the organization adheres to global data protection standards and mitigates risks associated with data privacy.
Global DPO – see Global Data Protection Officer
Governance – The framework of rules, practices, and processes by which a company is directed and controlled. Governance involves establishing clear policies and procedures for decision-making, defining roles and responsibilities, and ensuring that the company operates in a way that aligns with its goals and values. Effective governance helps maintain accountability, transparency, and ethical behavior within an organization.
Governance, Risk, and Compliance (GRC) – A comprehensive approach ensuring a company follows regulations, manages risks, and adheres to internal policies. Trendzact GRC One integrates various security measures to protect the company.
GPO – see Group Policy Object
GRC – see Governance, Risk, and Compliance or individual terms
Group Policy Object (GPO) – A Microsoft Windows feature that allows administrators to manage settings for users and computers within a network, such as requiring all company computers to have password-protected screen savers.
Hybrid Workforce – A mix of employees working both in the office and remotely (from home or other locations). This setup requires special tools to ensure security and productivity.
Insider Threats – Security risks posed by employees or contractors who have access to sensitive data and might misuse it, either intentionally or accidentally.
Member States (in the context of GDPR) – The countries that are part of the European Union (EU) and are subject to its regulations, including GDPR. Each Member State is responsible for implementing GDPR within its national legal framework and has its own Data Protection Authority (DPA) to enforce the regulation. While GDPR is a unified regulation across the EU, Member States may have specific laws or regulations that supplement GDPR, particularly in areas where GDPR allows for local discretion.
MFA – see Multi-Factor Authentication
Multi-Factor Authentication (MFA) – A security system that requires users to provide two or more verification methods (like a password and a text code) before accessing a system, making it harder for unauthorized users to gain access.
Panoramic Workspace Webcam – A Trendzact-exclusive wide-angle camera (160+ degrees field of view) used for comprehensive monitoring of a workspace, ensuring compliance with security protocols like Clear Desk Compliance.
Payment Card Industry Data Security Standard (PCI-DSS) – A set of security standards designed to ensure that companies processing, storing, or transmitting credit card information maintain a secure environment.
PCI-DSS – see Payment Card Industry Data Security Standard
Personal Privacy Profiles – User-specific settings that control the visibility and privacy of workspace data and images, particularly useful in remote or hybrid work environments.
Personally Identifiable Information (PII) – Any information that can be used to identify a specific individual, such as names, addresses, or social security numbers.
PII – see Personally Identifiable Information
Pilot – A small-scale, preliminary study or trial run of a project, product, or service conducted to evaluate its feasibility, performance, and potential success before a full-scale launch. In a business context, a pilot allows an organization to test processes, identify issues, gather feedback, and make improvements in a controlled environment. Successful pilots help reduce risks and increase confidence in the larger deployment.
PoC (or POC) – see Proof of Concept
Production – The phase in which a product, service, or system is fully deployed and operational, following successful development, testing, and piloting stages. In this stage, the solution is made available to all intended users or customers and is expected to perform reliably at scale. Production environments are often closely monitored to ensure stability, security, and continuous performance, as they represent the final, live implementation of the solution.
Proof of Concept (PoC) – A demonstration that verifies whether certain ideas or technologies are feasible and can be successfully implemented.
Remote Workforce – Employees, contractors or agents who work from locations outside the traditional office environment, often requiring unique tools and protocols to maintain security and productivity.
Risk – The potential for loss, damage, or any other negative outcome resulting from internal or external vulnerabilities, uncertainties, or threats. In a business context, risk management involves identifying, assessing, and prioritizing these risks, followed by implementing strategies to minimize or mitigate their impact. Effective risk management ensures that a company is better prepared to handle unexpected events and can maintain its operations even in the face of challenges.
Risk-Based Monitoring Profiles – Customized monitoring setups that focus on specific risks associated with different roles or activities within an organization, allowing for targeted security measures.
SOC 2 Type 2 – A certification that shows a company has effective procedures in place to manage data securely and protect customer privacy, based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy.
UAM – see User Activity Monitoring
UAT – see User Acceptance Testing
UEBA – see User and Entity Behavior Analytics
User Acceptance Testing (UAT) – The process in which end users or clients test a product, system, or application to verify that it meets their requirements and functions as expected before it goes live. UAT is typically the final testing phase, where real-world scenarios are simulated to ensure the solution is ready for production. It helps identify any issues that may have been missed during earlier testing phases, ensuring that the solution aligns with user needs and business objectives.
User Activity Monitoring (UAM) – A service that tracks user actions, such as the use of unattended applications or digital interactions, to ensure that employees are following security protocols.
User and Entity Behavior Analytics (UEBA) – A technology that uses machine learning to track and analyze the behavior of users and systems, looking for unusual activities that might indicate a security threat.
UWA-V160 Webcam – see Panoramic Workspace Webcam
VDI – see Virtual Machine/Virtual Desktop Infrastructure
Virtual Machine/Virtual Desktop Infrastructure (VM/VDI) – Technology that allows desktop environments and applications to be run in virtual machines on a centralized server, providing flexibility and enhanced security for remote workforces.
VM – see Virtual Machine/Virtual Desktop Infrastructure
VPC – see AWS Virtual Private Cloud
Whistleblower – An individual, often an employee or insider, who reports or exposes illegal, unethical, or improper activities within an organization. Whistleblowers play a crucial role in bringing to light actions such as fraud, corruption, data breaches, or violations of laws and regulations. In the context of data protection and privacy, a whistleblower might report a company’s non-compliance with GDPR or other data protection laws. Whistleblower protections are often provided by laws or regulations to ensure that individuals who come forward are not subject to retaliation, such as dismissal, demotion, or harassment.
Workspace Compliance – Ensuring that all aspects of a workspace, including the physical and digital environments, adhere to security and privacy standards.
Workspace Monitoring – The continuous observation and analysis of both the physical and digital work environments to ensure compliance, security, and productivity. This can include monitoring screens, the physical workspace, or both.
Zero Trust – A security philosophy that assumes no one, whether inside or outside the network, should be trusted by default. Access is given only after verifying a user’s identity each time they request access to a system or data.