Information Security Glossary

For more details about the Information Security Office, please visit our website!

Information Security Terms and Acronyms

Information security terminology can often be highly technical and filled with acronyms that may be unfamiliar to faculty, staff, students, and third-party partners. This glossary is intended to provide clear, accessible definitions for commonly used information security, privacy, and technology terms referenced in Wharton and University security guidance.

The definitions below are designed to support a shared understanding of security concepts used in risk reviews, system architecture discussions, compliance activities, and day-to-day technology operations.

Common Information Security Terms

Access Control

The process of restricting access to systems, applications, or data based on a user’s identity and authorized permissions.

Authentication

The process of verifying the identity of a user, system, or application before granting access.

Authorization

The process of determining what an authenticated user is permitted to access or perform within a system.

Confidential Data

Information that requires protection from unauthorized disclosure due to legal, regulatory, contractual, or institutional requirements.

Data Classification

The process of categorizing data based on its sensitivity and required level of protection.

Data Flow Diagram

A visual representation of how data enters, moves through, is stored within, and exits a system or application environment.

Encryption

The process of converting information into a protected format that can only be accessed using an approved decryption method or key.

Firewall

A security control that monitors and restricts network traffic between systems or security zones based on defined rules.

Least Privilege

A security principle in which users and systems are granted only the minimum level of access necessary to perform required functions.

Multi-Factor Authentication (MFA)

An authentication method requiring two or more verification factors to gain access to a system or application.

Personally Identifiable Information (PII)

Information that can be used to identify an individual, either directly or indirectly.

Risk Assessment

A process used to identify, evaluate, and document potential security risks to systems, applications, or data.

Security Incident

An event that may compromise the confidentiality, integrity, or availability of information or systems.

Single Sign-On (SSO)

An authentication capability that allows users to access multiple applications using a single set of credentials.

Risk Review

A review process used to evaluate the security posture and risk associated with third-party products, services, or providers.

Common Acronyms

Acronym   Definition
ACL       Access Control List
API       Application Programming Interface
DNS       Domain Name System
EDR       Endpoint Detection and Response
IAM       Identity and Access Management
IP        Internet Protocol
MFA       Multi-Factor Authentication
PII       Personally Identifiable Information
RBAC      Role-Based Access Control
SaaS      Software as a Service
SIEM      Security Information and Event Management
SSO       Single Sign-On
TLS       Transport Layer Security
VPN       Virtual Private Network