Businessolver Blog

8 Technical Terms HR Needs to Know to Understand Data Security
Posted on Wednesday, June 17, 2015 by Natalie McLinden
Let’s face it. IT-speak does not come naturally to most HR leaders. It’s not necessarily what you’re trained in. Who really knows what “encrypted at rest” means, anyway? And why does it matter?

HR leaders are increasingly being asked to dive into the murky waters of cloud technology and data security, and to discuss what they find with their IT people and the C-suite. A quick refresh on technical terms can go a long way. Here are 8 technical terms that HR should know to help bridge the gap when discussing HR technology security and risk.

1. Full code review – a systematic examination (often known as peer review) of computer source code intended to find and fix mistakes overlooked in the initial development phase.

2. Annual network penetration testing – Penetration testing is an intentional attack on a computer system, carried out to find security weaknesses and potentially gain access to the system, its functionality, and its data.

3. Quarterly application vulnerability scans – A security technique used to identify security weaknesses in a computer system. It can be used by individuals or network administrators for security purposes, or it can be used by hackers attempting to gain unauthorized access to computer systems.

4. Intrusion prevention systems – Systems that provide policies and rules for network traffic, along with an intrusion-detection system that alerts system or network administrators to suspicious traffic.

5. Regression testing – Retesting the unchanged parts of an application. Test cases are re-executed to check whether previous functionality of the application is working and that new changes have not introduced any bugs.

6. SSAE 16 audit – An audit of the internal controls that a service organization—an entity that performs a specialized task or function for other entities—has on the data in its system.

7. IT risk assessment audit – A systematic process for identifying and evaluating events (i.e., possible risks and opportunities) that could affect the achievement of objectives, positively or negatively. Such events can be identified in the external environment and within an organization’s internal environment.

8. Annual HIPAA and PHI data training – Data training that ensures that system administrators and solution designers recognize situations in which confidential information and protected health information can be mishandled, know practical ways to protect the privacy and security of sensitive information, and understand how employees will be held responsible if they improperly handle confidential or protected health information.