The data glossary is a descriptive list of data elements collected and maintained to ensure consistency of terminology. The glossary is also found on the State’s Open Data Portal.
|Acceptable Level of Risk
|A judicious, carefully considered, and fully documented assessment by the appropriate Designated Approving Authority (AA) that an information subsystem meets the minimum requirements of applicable security directives. The assessment should take into account and carefully document the sensitivity and criticality of information, threats, vulnerabilities and countermeasures and their effectiveness in compensating for vulnerabilities, and operational requirements.
|A concern that is deemed acceptable to responsible management, due to the cost and magnitude of implementing countermeasures to mitigate the risk.
|A security technique that regulates who or what can view or use resources
|Accountability is (1) The quality or state that enables violations or attempted violations of IT Security to be traced to individuals who may then be held responsible. (2) The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non repudiation, deterrence, fault isolation, intrusion detection and prevention, after-action recovery and legal action.
|Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information.
|Agency Data Officer
|An individual designated by a State unite to implement measure for the secure, efficient, and effective use of data; provide administrative support to the State Chief Data Officer on behalf of the the unit;
receive and promptly address inquiries, requests, or concerns about access to the unit’s data; comply with direction from the State Chief Data Officer as to the use and management of the unit’s data in accordance with Executive Order “01.01.2021.09 State Chief Data Officer”
|Agency Privacy Officer
|An individual designated by a State unit to manage its implementation of reasonable security practices and procedures in compliance with Executive Order “01.01.2021.10 Data Privacy”
|The use of information resources (information and information technology) to satisfy a specific set of users requirements (See Major Application).
|See Security Control Assessment
|Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation.
Adequately met includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software, and (3) sufficient resistance to intentional penetration or bypass.
|A chronological record of system activities which enables the reconstruction and examination of the sequence of events and activities surrounding or leading to an operation, a procedure or an event in a transaction from its inception to final results. The audit log also serves as the chain of custody for the history of use of a record. This term is synonymous with Audit Records and Audit Trails.
|Authentication [FIPS 199]
|The process of verifying the identity of a user, process or device, often as a prerequisite to allowing access to resources in an information system.
|Chief Data Officer
|Individual appointed by the Governor to supervise and direct the use and management of data by units of State government under the supervision and direction of the Governor (“State Units”)
|Chief Information Security Officer
|Individual appointed by the Governor responsibility for the direction, corrodinatio, and implementation of the overall cybersecurity strategy and policy for the Executive Branch of State Government.
|Chief Privacy Officer
|Individual appointed by the Governor to supervise and direct efforts of State units to protect and secure personally identifiable information; develop and manage the implementation of State information privacy policies; establish privacy requirements to be incorporated into agreements to share data; and oversee the conduct of privacy impact assessments.
|Confidential Data (Classification)
|Access to confidential data requires specific authorization and/or clearance. Types of confidential data might include Social Security numbers, cardholder data, etc. This data is usually protected by laws like Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
|Criminal Justice Information System (CJIS)
|Governs data collected and protected by the Federal Bureau of Investigations (FBI) but is accessible to local and state law enforcement organizations. Local and state organizations who have access to CJIS data must comply with the CJIS security requirements to protect it.
|Children’s Online Privacy Protection Act (COPPA)
|Governs the connection of information obtained through online/website services relating to children aged 13 and under.
|The state Open Data Act defines data as final versions of statistical or factual information that are consistently produced by a government agency and record information related to the services, objectives, and resources of a governmental agency. The information is displayed in alphanumeric or geospatial form, such as a list, table, graph, chart, or map. Data does not include draft versions of statistical or factual information that are used for internal analysis by a governmental entity.
|The organizational and classification structure of data and metadata, and standardized terms and definitions for data that facilitate system interoperability.
|Data Asset Valuation
|A method for estimating the value of data assets by quantifying the impact on cash flows if the data assets needed to be replaced.
|An indicator and categorization for aiding in the proper management and security of data in use, transit, and at rest.
|This type of data is freely accessible to the public and can be freely used, reused, and redistributed without repercussions.
| This type of data is strictly accessible to internal Agency personnel or internal employees who are granted access.
| Access to confidential data requires specific authorization and/or clearance. Types of confidential data might include Social Security numbers, cardholder data, etc. This data is usually protected by laws like HIPAA and the PCI DSS.
| Data that, if compromised or accessed without authorization, which could lead to criminal charges and massive legal fines or cause irreparable damage to the company.
|Responsible for the content and quality of datasets that are created and maintained by a state agency or state program.
|An individual that is responsible for maintaining quality assurance, quality control, security and storage associated with the data as it relates to the standards set by the data owner.
|A fundamental unit of information that has a unique meaning and distinct data items.
|An end-to-end data integration and management solution, consisting of architecture, data management and integration software, and shared data that helps organizations manage their data. A data fabric provides a unified, consistent user experience and access to data for any member of an organization worldwide and in real-time.
|The exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets with the purpose of ensuring that data is managed properly, according to policies and best practices.
|Data Governance Framework
|A set of rules, processes, and specific duties as it relates to the compliance of the organization’s data management expectations
|The process of aggregating data from various sources into a singular repository.
|The ability of data to be utilized seamlessly across multiple systems.
|A catalog of data assets within an organization. It provides information related to the type of data collected, who can access it, where it’s stored and how it is used.
|A centralized repository that stores both structured and unstructured data.
|A data architecture platform that combines the structured data management features of a data warehouse, with the flexible storage and optimized performance features of a data lake, supporting structured, semi-structured, and unstructured data.
|A description of data as it relates to time. It includes information such as the origin of the data, where it has traveled, and the transformations it underwent.
|The commitment to ensure data remains accessible and usable.
|The development, execution, and supervision of plans, policies, programs, and practices, that deliver, control, protect, and enhance the value of data and information assets throughout their lifecycle.
|A subset of a data warehouse that focuses on a specific set of data to be used by an entity within an organization.
|Identification and improvement of the quality of data within systems.
|A data platform architecture where an organization’s data remains decentralized and managed by domain, but can be accessed, analyzed, queried, and operationalized through a interoperable layer with standards applied.
|An abstract model that organizes elements of data and standardizes how they relate to one another and to the properties of real-world entities.
|An individual or entity that is responsible for data within a specific domain. They typically dictate and establish standards and goals associated with the data, and can authorize or deny access to the data and are responsible for its accuracy, integrity, and timeliness.
|Focuses on the protection of personally identifiable information by government agencies.
|The monitoring and cleansing data, using a systematic, consistent, repeatable, and metrics-based process.
|The state of the data as it relates to accuracy, reliability, consistency, timeliness, validity, and uniqueness.
|Protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or data breach.
|A single measure, usually plotted over time.
|The person with day-to-day management responsibility of individual databases, datasets, or information systems. In general, a data steward has business knowledge of the data and can answer questions about the data itself.
|A scalable alternative to multiple “point-to-point” sharing agreements established through common rules for data security and data privacy.
|An employee, contractor, or other individual affiliated with the State who is eligible and authorized to collect, access and/or use the data. A dataset may have more than one user group.
|A collection of structured data that is populated and filtered from internal and external systems for a specific purpose.
|An electronic system that enables the storage, management, and querying of data.
|A collection of data organized or formatted in a specific or prescribed way. Typically, a dataset consists of one or more tables and is stored in a database or spreadsheet. Files of the following types are not datasets: text documents, emails, messages, videos, recordings, image files such as designs, diagrams, drawings, photographs, and scans, and hard-copy records.
|Extract, Transform, and Load (ETL)
|A three-step process to, 1) Extract data from a source database, 2) Transform the data so that the format can be read by the destination database (in this case, the destination is a dataset on http://data.maryland.gov), and 3) Load the data to the destination database.
|Family Educational Rights and Privacy Act (FERPA)
|Governs the privacy of student education records and applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
|General Data Protection Regulation (GDPR)
|Applies to all organizations, public and private, that store or process the personal data of EU residents.
|High Value Data
|Any data that the department head determines (A) is critical to the operation of an executive branch agency; (B) can increase executive branch agency accountability and responsiveness; (C) can improve public knowledge of the executive branch agency and its operations; (D) can further the core mission of the executive branch agency; (E) can create economic opportunity; (F) is frequently requested by the public; (G) responds to a need and demand as identified by the agency through public consultation; or (H) is used to satisfy any legislative or other reporting requirements.
|Health Insurance Portability and Accountability Act (HIPAA)
|Governs health data created, received, stored, or transmitted by HIPAA covered entities and their business associates in relation to the provision of healthcare, healthcare operations and payment for healthcare services
|Data that is processed, presented, and given context, which in turn makes it meaningful and useful.
|Governs Federal Tax Information (e.g., tax return information) received directly from the IRS or obtained through an authorized secondary source, such as Social Security Administration (SSA), Federal Office of Child Support Enforcement (OCSE), Bureau of the Fiscal Service (BFS), or Centers for Medicare and Medicaid Services (CMS), or another entity acting on behalf of the IRS pursuant to an IRC 6103(p)(2)(B) Agreement.
|Protection of Information by Government Agencies (MD PIGA)
|MD State Govt Code § 10-1301. PII is information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information, to a specific individual. Examples of PII are name, social security number (SSN), address, phone number, email address, biometric data (e.g., fingerprints)
|Data about data. Contains information about the dataset, such as name, publication date, attribution URL, update schedule, and contact information.
|Open Data is any data collected by the state which can be provided to the public. According to the Open Data Act, Open Data is data that – consistent with any applicable laws, rules, regulations, ordinances, resolutions, policies, or other restrictions including requirements or rights associated with the data – has been collected and is permitted, required, or able to make available to the public. Open data includes contractual or other legal orders, restrictions, or requirements. Open data does not include data that if made public would:
● violate another law or regulation that prohibits the data from being made public;
● endanger the public health, safety, or welfare;
● hinder the operation of government, including criminal and civil investigations;
● impose an undue financial, operational, or administrative burden on a state entity; or
● disclose proprietary or confidential information.
|Open Data Portal
|Open Data Portal and Portal refer exclusively to Maryland’s statewide Open Data Portal, http://opendata.maryland.gov. More broadly, the Open Data Portal is a product (Software as a Service, or SaaS), provided by the site’s vendor, Socrata. In other contexts “Portal” can be a shorthand for MD iMAP, http://imap.maryland.gov, Maryland’s mapping Portal.
|States that for many outcomes, roughly 80% of consequences come from 20% of causes.
|Payment Card Industry Data Security Standard (PCI DSS)
|Governs personal data associated to an individual (cardholder) that uses credit, debit and/or cash cards for monetary transactions. Any state organization that collects and/or processes credit card information must abide by PCI-DSS.
|Personally Identifiable Information (PII)
|Any data about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
|Privacy Impact Assessment (PIA)
|An analysis of how data is collected, used, shared, and maintained within an organization to reduce risks related to processing personal data.
|Formal statements that help meet an organizational objective, which are supported by leadership. This answers the question “Why are we doing this?”
|The employee designated by an Agency as the main point of contact and accountability for privacy. Not all Agencies will have a Privacy Officer.
|Detailed processes, approaches, and methods to meet the Policies and Standards. This answers the question “How are we doing this?”
|Any data the public disclosure of which would (A) violate federal or state laws or regulations; (B) endanger the public health, safety or welfare; (C) hinder the operation of the federal, state or municipal government, including criminal and civil investigations; or (D) impose an undue financial, operational or administrative burden on the executive branch agency. “Protected data” includes any records not required to be disclosed pursuant to subsection (b) of section 1-210 of the general statutes.
|Any data collected by an executive branch agency that is permitted to be made available to the public, consistent with any and all applicable laws, rules, regulations, ordinances, resolutions, policies or other restrictions, requirements or rights associated with the data, including, but not limited to, contractual or other legal restrictions, orders or requirements.
|Information that is a public record under the Maryland Public Information Act.
|Publicly Accessible System
|Systems such as Web and FTP applications that are exposed to the Internet and therefore, more vulnerable.
|A group of fields in a dataset that are relevant to a specific entity
|Any access to DoIT ’s managed network through a non-DoIT managed network, device, or medium.
|Restricted Data (Classification)
|Data that, if compromised or accessed without authorization, which could lead to criminal charges and massive legal fines or cause irreparable damage to the company.
|Refers to the general process of removing data from storage media, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed.
|Data that is structured but does not conform to a tabular structure such as those found in relational databases.
|Information that, if divulged, could compromise or endanger the citizens or assets of the State.
|Simple Network Management Protocol (SNMP)
|Simple Network Management Protocol is used in network management systems to monitor network attached devices for conditions that warrant administrative attention.
|Online technologies and practices that people use to share opinions, insights, experiences, and perspectives with each other.
|Secure Shell (SSH)
|Secure Shell is a network protocol that allows data to be exchanged using a secure channel between two computers.
|Service Set Identifier (SSID)
|Service Set Identifier is a name used to identify the particular 802.11 wireless LAN to which a client wants to attach.
|Formal, actionable rules that direct, help enforce, and support policies. This answers the question “What are the requirements to do this?”
|Data that adheres to a predefined schema. It is typically stored in relational databases and can be easily queried.
|Data that does not conform to a predefined schema that includes many irregularities that make it difficult to understand without further normalization. It is typically stored in data lakes and consists of items such as images, videos, and audio files.
|An entity that can or may be potentially harmful to a system.
|Wi-Fi CERTIFIED is a program for testing products to the 802.11 industry standards for interoperability, security, easy installation, and reliability