Fintech: Glossary of Terms




Access: Ability to use, create, modify, view, or otherwise manipulate information on a system.

Access control:  Access control is the means by which the ability to use, create, modify, view, etc., is explicitly enabled or restricted in some way (usually through physical and system-based controls).

Account: The combination of user name and password that provides an individual, group, or service with access to a computer system or computer network.

Activity: A step of a workflow; several activities joined together form a workflow. Each activity performs an action, receives input parameters, and produces output parameters, and it can interpret logic, actions, paths, or branches (for example, Switch, If, Initializer, among others).

Agile: A methodology for developing projects that require speed and flexibility; it is a philosophy that involves a different way of working and organizing. Each project is ‘broken down’ into small parts that have to be completed and delivered in a few weeks. The goal is to develop quality products and services that respond to the needs of customers whose priorities are changing at an ever-increasing speed.


Backup: Copy of files and applications made to avoid loss of data and facilitate recovery in the event of a system failure.

Biometrics:  Methods for differentiating humans based upon one or more intrinsic physical or behavioral traits such as fingerprints or facial geometry.

Biometric authentication:  Using biometrics to verify or authenticate the identity of a person.


Call to action (CTA): A call to carry out a necessary action. These actions must be executed by a user for proper customer management. There are 4 categories associated with CTAs:

  • Commercial: Determined by their sales nature associated with a product.
  • Administrative: Associated with administrative aspects of the client.
  • Risk: They put the client’s situation at risk.
  • Services: Associated with providing better customer service.


Category-1 data: Information whose confidentiality is protected by law or contract.

Category-1a data: Information whose confidentiality is protected by law or contract, but for which there are no specifically proscribed penalties.

Category-2 data: University information usually restricted to university employees, but which are releasable in accordance with the Texas Public Information Act.

Category-3 data: University information that is generally publicly available.

Customer Journey:  It includes the experiences that potential customers and buyers have with a brand each time they contact a company. Each customer touch point (physical, digital) with the brand influences the customer experience and therefore the strength and popularity of the brand.


Data loss prevention: Prevention of unnecessary exposure of protected information.

Digital certificate: An electronic document which uses a digital signature to bind specially derived numerical information with an identity – such as the name of a person or an organization. Most often encountered on web sites using encryption (SSL/https).

Digital signature: Method of adding specially derived numerical information to a file or message (most often used as part of a digital certificate infrastructure).

Digital data: The subset of Data (as defined above) that is transmitted by, maintained, or made available in electronic media.


Electronic Information, Communication, and Technology (EICT): Includes information technology and any equipment or interconnected system or subsystem of equipment used to create, convert, duplicate, or deliver data or information. Other terms such as, but not limited to, Electronic Information Resources (EIR), Information and Communications Technology (ICT), Electronic Information Technology (EIT), etc. can be considered interchangeable terms with EICT for purposes of applicability for compliance with this rule.

Electronic mail (email): Any message, image, form, attachment, data, or other communication sent, received, or stored within an electronic mail system.

Emergency change: When an unauthorized immediate response to imminent critical system failure is needed to prevent widespread service disruption.

Encrypted data: Data rendered unreadable to anyone without the appropriate cryptographic key and algorithm.

Encryption: Process of numerically changing data to enhance confidentiality. Data is obscured using a specific algorithm and key, both of which are required to interpret the encrypted data.

End user: A person given authorization to access information on a system.

Escrow: Data decryption keys or passwords held in trust by a third party to be turned over to the user only upon fulfillment of specific authentication conditions.

Exposure: State during which a system’s controls do not adequately reduce risk that the information could be stolen or exploited by an unauthorized person.


Firewall: An access control mechanism that acts as a barrier between two or more segments of a computer network or overall client/server architecture, used to protect internal networks or network segments from unauthorized users or processes. Such devices include hardware that is placed in the network to create separate security zones, provide NAT, and create a point of access control.

Flow: The path that a typical user takes in a website or application to complete a task. The user flow runs from the user's point of entry through the set of steps executed until the task is completed with a successful result.


Hardening: The process of making computer and network systems more resistant to tampering or malicious software.


Incident: Any set of circumstances in which the anticipated and configured delivery of a service is interrupted, delayed, or otherwise unavailable.

Incident management: Process of returning service as quickly and effectively as possible.

Information owner:  Responsible for specified information and establishing the controls for its collection, creation, processing, access, dissemination, and disposal. The owner of a collection of information is the person responsible for the business results of that system or the business use of the information. Where appropriate, ownership may be shared by managers of different departments. See OP 44.00 for a list of duties and responsibilities.

Information security: Protecting information so that it can only be seen, changed, deleted or copied by an authorized person and only in ways and to places authorized to contain it.

Information system: The equipment and software such as files, computers, tablets, servers, hard drives, removable thumb drives, cloud storage, etc. used to collect, record, process, display, and transmit information.

Information Resources Manager (IRM): Authorized and accountable to the State of Texas for management of the university’s information systems to implement security policies, procedures, and guidelines to protect the information systems of the university. The Associate Vice President of Information Technology/CIO is designated as the university’s IRM. The IRM will:

  • Maintain information as a strategic asset of the university
  • Provide the resources to enable employees to carry out their responsibilities for securing information and information systems.
  • Review and approve information owners and associated responsibilities.

Information Security Council: Body assembled by the CIO that contains at least the CIO and Information Security Officer. Provides direction and management of the information security program and information technology risk management program.

Information Security Officer (ISO): Responsible for administering the information security functions within the university. The ISO is the university’s internal and external point of contact and internal resource for all information security matters. The ISO will:

  • Develop, coordinate and administer the ASU Information Security Program and periodically assess whether the program is implemented in accordance with ASU IT Security policies.
  • Provide consultation on balancing effective IT security with business needs.
  • Develop and maintain an information security awareness program.
  • Provide solutions, guidance, and expertise in IT security.
  • Maintain written IT security policies, standards and procedures as appropriate.
  • Collect data relative to the state of IT security at ASU and communicate as needed.
  • Provide guidance on the information security requirements of federal, state and local privacy regulations.

Information security program: The elements, structure, objectives, and resources that establish an information system’s security function within the university.

Integrity: The accuracy and completeness of information and assets and the authenticity of transactions.

Intellectual property: Ideas for which property rights are recognized under patent, trademark, or copyright law. Usually a work originating from thought or an idea that is distinct, separate, clearly definable, and novel.

Interface Designer: The means by which a person controls software or hardware; that is, what you see and what you interact with.

Internet: A global system interconnecting computers and computer networks. The computers and networks are owned separately by a host of organizations, government agencies, companies, and colleges.

Intrusion detection system (IDS): Hardware or a software application that can be installed on network devices or host operating systems to monitor network traffic and host log entries for signs of known and likely methods of intruder activity and attacks. Suspicious activities trigger administrator alarms and other configurable responses.


Kick off: Refers to the kickoff meeting, the meeting that determines the start of a project and is the first contact between both parties.


Lawful intercept: The interception of data on the university network by ISO and IT Networking and Telecommunications staff, in accordance with local law and after following due process and receiving proper authorization from the appropriate authorities.

Local account: Account that allows access only to a local system and uses that system’s local authentication service.

Local area network (LAN): A data communications network spanning a limited geographical area. It provides communication between computers and peripherals at relatively high data rates and relatively low error rates.

Local storage: Storage that is physically local to the workstation or server.

Look & Feel: It indicates both the visual style (look) and the way or sensation in which the user perceives it (feel). The look and feel depends on the design and the elements that make up a website, an app or a presentation.


Malicious code: Software designed to infiltrate or damage a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code including spyware, Trojan horses, viruses, and worms.

Mission critical information system: Information system defined to be essential to the university’s function and which, if made unavailable, will inflict substantial harm to the university and the university’s ability to meet its instructional, research, patient care, or public service missions. Mission critical information systems include those systems containing sensitive information.

Most Valuable Product (MVP): The version of a new product that, with the least possible effort, allows a team to collect the maximum amount of validated learning from users and clients. Examples: Card Tracking, Compliance alerts, Fraud alerts.


Net Promoter Score (NPS): An indicator that measures the general loyalty of customers towards a company, based on the question “How likely is it that you will recommend the product or service to a family member or friend?” The user/customer rates on a scale of 0 to 10, where 0 is “Very unlikely” and 10 is “I would definitely recommend it.”

Network: All associated equipment and media creating electronic transmission between any information system(s), such as wired, optical, wireless, IP, synchronous serial, telephony, etc.


Offsite storage: Based on data criticality, offsite storage should be in a geographically different location from the campus that does not share the same disaster threat event. Based on an assessment of the data backed up, removing the backup media from the building and storing it in another secured location on the campus may be appropriate.

Open Banking: System that allows clients of financial entities to be the owners of their information and share it with the entities that they authorize in a secure manner, whether they are financial or not. It also presumes the dissemination of public and aggregated information on the products and services of each entity.


Password: A string of characters used to verify or “authenticate” a person’s identity.

Password complexity: The characteristic of a password typically described by the number of characters, the size of the character set used, and the randomness with which those characters were chosen.

Password strength: Description of a password’s ability to resist being guessed or otherwise mathematically or cryptographically discovered.

Patch: A fix or update for a software program usually related to a security issue.

Penetration Test: A controlled attempt to circumvent the security of a network or computer system to test its ability to resist hacking.

Perimeter security control: The first layer of defense against malicious traffic that filters information between university internal networks and the internet.

Permissions: User security is managed through privileges and permissions. Permissions define the level of access that users and groups have to a functionality or module. Even if a user has the privilege to perform certain actions, the user may also need permission to perform the action on a functionality.

Personally identifiable information: Any information that alone or in conjunction with other information identifies an individual, including Social Security numbers, driver’s license numbers, military ID numbers, passport ID numbers, passwords/PINs, personal accounts, credit card numbers, protected health information, financial information, criminal history records, unpublished home addresses or phone numbers, biometric data, and any other information that is deemed confidential by law or university policy.

Physical security: Area of knowledge concerned with creating and enhancing the safety and security of a physical space and the physical assets contained therein.

Physical security control: Devices and means to control physical access to sensitive information and to protect the availability of the information. Examples are physical access systems (fences, mantraps, guards); physical intrusion detection systems (motion detector, alarm system); and physical protection systems (sprinklers, backup generator).

PIN: Personal identification number – typically associated with systems using a physical security card (ATMs) together with a short number to authenticate an individual.

Plaintext data: Data in a form readable by anyone having access to the system on which it is stored or to the network over which it is transmitted.

Planning: Planning, or a plan, is the prior working-out of an approach to an action that is going to be carried out.

Portable computing device: Any handheld portable device capable of performing basic computer tasks such as chat, email, web browsing, and storing information – smart phones, tablet computers (iPads), and PDAs all fall into this definition.

Privileges: Privileges determine the actions that users can perform in client applications. A user can be assigned different privileges for each application service of the same service type. The administrator role organizes privileges by levels.

Production system: Any University system, software, or application that is used in the daily operations of the University.

Program: Set of instructions written in a computer programming language that performs a specific set of related functions (Microsoft Word,

Protected information: Any information provided protection by law, regulation, or other legal means which mandates the methods, controls, processes, and/or procedures to afford such protection. This includes Personally Identifiable Information (PII).



Removable media: Any storage device built and intended to be easily connected to and removed from a computer system – examples include memory sticks, pen drives, external hard drives, and CD/DVDs.

Resolution: Returning service through the implementation of a permanent solution or a workaround.

Responsive: Refers mainly to responsive web design, that is, a site or app being accessible and adaptable to any display.

Responsive Design: Design and development philosophy whose objective is to adapt the appearance of web pages to the device that is being used to view them: smartwatch, smartphones, tablets, laptops, TV.

Risk: Potential that a given set of circumstances and actions will lead to an undesirable outcome – in terms of information this means loss of one or more of (confidentiality, availability, and integrity).

Residual risk: Any risk remaining once controls have been applied.  The amount of residual risk allowed will be determined by the organization’s tolerance for risk.

Risk assessment: The process of identifying, evaluating, and documenting the level of impact that may result from the operation of an information system on an organization’s mission, functions, image, reputation, assets, or individuals. Risk assessment incorporates threat and vulnerability analyses and considers mitigations provided by planned or current security controls.

Risk management: Decisions to accept risk exposures or to reduce vulnerabilities and to align information system risk exposure with the organization’s risk tolerance.

Root access: Most privileged access to a computer system allowing the use, change, and deletion of any and all configuration information, system software, and data.



Scheduled change: Formal notification received, reviewed, and approved by the review process in advance of the change being made.

Scheduled outage: Any previously agreed upon period in which a system is not available for normal use. This typically requires specific methods of discussion, approval and scheduling (Change Management).

Security administrator: The person charged with monitoring and implementing security controls and procedures for a system. Whereas each university will have one information security officer, technical management may designate a number of security administrators.

Security incident: Any incident in which the secure configuration of a system has been compromised.

Security incident management: Area of incident management focused on controlling and correcting vulnerabilities, exposures, and compromise of the secure configuration of any system.

Sensitive information: Information maintained by the university that requires special precautions to protect it from unauthorized modification or deletion. Sensitive information may be either public or confidential. It is information that requires a higher than normal assurance of accuracy and completeness. The controlling factor for sensitive information is that of integrity.

Server: Any computer providing a service over the network. Services include, but are not limited to: website publishing, SSH, chat, printing, wireless access, and file sharing.

Single sign-on: Ability for a user to sign in once and have that sign-in allow access to multiple information systems without the need for providing a username and password for each separate system.

Skills/Skillset: Ability that people must have in order to carry out certain specific actions in the workplace.

Spyware: Software that is installed surreptitiously on a computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent. While the term suggests software that secretly monitors the user’s behavior, the functions of spyware include collecting various types of personal information, interfering with control of the computer, changing computer settings, and redirecting web browser activity.

Sprint: The name given to each of the cycles or iterations within a Scrum project. Sprints give the work a rhythm with a predetermined time; the usual duration of a Sprint is about four weeks, although the methodology says it should be between two weeks and a maximum of two months. Each Sprint, or work cycle, produces what is called a deliverable or product increase, which adds value to the customer.

Stage: The maximum unit of a flow. It is composed of steps.


  • They can contain 1 or more steps.
  • They group steps that are conceptually coherent with each other.
  • In flows of the same class / typology, the structure of stages tends to be very similar.
  • They are linear. Although they can have leads within the steps they contain.
  • The stages are considered both from the front (e.g. completing a form) and from the back (e.g. client / non-client validator).

Steps: The minimum unit within a flow. They refer to both front and back actions.


  • Several steps with the same purpose make up a stage.
  • They may or may not be linear.
  • Many times they are associated with the efforts of CTAs
  • For the front they make references to components of the toolkit.

Strong password: A strong password is constructed so that it cannot be easily guessed by another user or a “hacker” program. It is typically a minimum number of positions in length and contains a combination of alphabetic, numeric, or special characters and should not be linked to any personal information such as a birth date, Social Security number, and so on.

System administrator: Person responsible for the effective operation and maintenance of information systems, including implementation of standard procedures and controls, to enforce a university’s security policy.

Synchronization: Process whereby information on two systems is shared so that each system’s copy is identical to the other.

System: In the context of IT, any device capable of performing complex functions to provide services by use of hardware, firmware, software, or other programming. Systems may include workstations, desktops, laptops, servers, routers, and switches.

System hardening: Process of enhancing the configuration of a system so that there is greater assurance the system can be used only by authorized users for authorized purposes.


Test and development systems: Systems used exclusively for testing or development of software and not used to directly support university operations.

Trojan: Destructive programs, usually viruses or worms, that are hidden in an attractive or innocent-looking piece of software, such as a game or graphics program. Victims may receive a Trojan horse program by email or on portable media, often from another unknowing victim, or may be urged to download a file from a website.


Unauthorized disclosure: The intentional or unintentional revealing of restricted information to people who do not have a legitimate need to access that information.

Unscheduled change: Failure to present notification to the formal process in advance of the change being made. Unscheduled changes will only be acceptable in the event of a system failure or the discovery of a security vulnerability.

Unscheduled outage: Any period in which a system is not available for normal use and that lack of availability was not previously discussed, approved, and scheduled.

UPS: An uninterruptible power supply. An electrical apparatus that provides emergency power to a load when the input power source (usually commercial power) fails.

Use/Using: An umbrella term that includes the terms store, process, change, delete, read, and access (and their progressive forms).

User: An individual that is authorized by the information owner to access the resource, in accordance with the information owner’s procedures and rules. The user is any person who has been authorized by the information owner to read, enter, or update that information. The user is the single most effective control for providing adequate security. See OP 44.00 and OP 44.01 for a list of duties and responsibilities.

User experience: User experience is the sum of subjective perceptions that a person has about a product, service or system designed to create or satisfy a need.

User Journey: Journey that users take through an application to achieve a goal. It is the diagram of the steps and experiences that a user executes or perceives to perform a specific task.

Username: A pseudonym used by a user to access a computer system – typically based on the user’s legal name or some derivative thereof.

User Profile: The set of characteristics or preferences that the user has and their way of interacting with a certain digital product. The profile is formed from the characteristics, tastes, beliefs and preferences that the user enters through the various sites.

User Research: Refers to research on a user’s experience of a product. That is, their behavior, their motivations and their needs.


Virtual private network (VPN): Encrypted connections over a larger network, typically over the Internet, which simulates the behavior of direct, local connections.

Virus: A computer virus refers to a program that enters your computer—often through email or Internet downloads—and makes copies of itself, spreading throughout your computer and files. There is a wide range of computer viruses out there. They can be anything from merely annoying to horribly damaging—deleting files or making your computer inoperable. Viruses attach themselves to an application on a computer and aren’t actually executed until that application is accessed or run.

Vulnerability: Any exploitable aspect of a system or process.


Web page: A document on the World Wide Web. Every web page is identified by a unique URL (uniform resource locator).

Web server: A computer that delivers (serves up) web pages.

Website: A location on the World Wide Web, accessed by typing its address (URL) into a web browser. A website always includes a home page and may contain additional documents or pages.

Wireless networking: Transmission of computer-based information over short to medium distances using radio frequencies.

Wireless adhoc networking: Wireless networking in which centralized authorization and infrastructure are not used – this is an unauthorized method of connecting systems to the university network.

World Wide Web: Also referred to as “the Web.” A system of Internet hosts that supports documents formatted in HTML (hypertext markup language), which contain links to other documents (hyperlinks) and to audio, video, and graphic images. Users can access the Web with special applications called browsers, such as Firefox and Microsoft Internet Explorer.

Worm: A program that makes copies of itself elsewhere in a computing system. These copies may be created on the same computer or may be sent over networks to other computers. The first use of the term described a program that copied itself benignly around a network, using otherwise-unused resources on networked machines to perform distributed computation. Some worms are security threats, using networks to spread themselves against the wishes of the system owners and disrupting networks by overloading them. A worm is similar to a virus in that it makes copies of itself, but different in that it need not attach to particular files or sectors at all.
