Digital Safety Glossary for
K-12 Schools

  • Allow list -

    Allow list

    A list of applications or websites that an organization or network manager considers trustworthy enough to access. Also called a “permit list” (formerly “whitelist”).

  • Antispyware -


    A software program that detects, removes, and prevents spyware infections. (See Spyware)

  • Artificial Intelligence (AI) -

    Artificial Intelligence (AI)

    The ability for a machine to perceive, analyze, and make inferences based on data sets or other information.

  • Authenticate -


    To verify the identity of a user or process.

  • Authorization -


    Granting someone access to a resource.

  • Behavior Monitoring -

    Behavior Monitoring

    Observing and analyzing the behavior of students online to look for patterns that indicate cyberbullying, self-harm, violent ideation, or other concerning behaviors.

  • Blacklist -


    Outdated term for a blocklist. (See Blocklist)

  • Blocklist -


    A list of applications or websites that an organization or network manager has chosen to prevent users from accessing.

  • Children's Internet Protection Act ("CIPA") -

    Children's Internet Protection Act ("CIPA")

    Legislation enacted by Congress in 2000 to reduce students’ access to obscene and harmful web content. CIPA imposes requirements on schools and libraries that receive discounts through the federal E-rate program, such as the requirement to have a web filter in place.

  • Children's Online Privacy Protection Rule ("COPPA") -

    Children's Online Privacy Protection Rule ("COPPA")

    Legislation enacted in 1998 to regulate how personal data is collected online from children under 13, as well as what must be included in privacy policies, when and how parent or guardian consent is needed, and guidelines for marketing to children under 13.

  • Content Filter/-ing -

    Content Filter/-ing

    A solution that allows or denies access to websites and other content, typically to limit cyber risks, inappropriate content, and/or digital distractions.

  • Continuity Plan -

    Continuity Plan

    A documented strategy for limiting the impact of a disaster or emergency on regular school operations.

  • Critical Infrastructure -

    Critical Infrastructure

    IT assets that are essential for a school to function, such as digital devices, WiFi, and safety solutions.

  • Cyber Attack -

    Cyber Attack

    A digital attempt to breach or damage a school’s network and/or data.

  • Cyber Exercise -

    Cyber Exercise

    A simulation of a cyber attack or information security threat planned by an organization in order to test or practice its cyber response strategy.

  • Cyber Infrastructure -

    Cyber Infrastructure

    The solutions that comprise a school’s IT infrastructure, including but not limited to software, devices, servers, communications equipment and other systems that enable digital access and storage.

  • Cyber Intelligence -

    Cyber Intelligence

    The collection and analysis of threat data, performed with the aim of understanding the current mentality and strategies of cyber criminals.

  • Cyberbullying -


    Using digital communication to bully another person, such as through harassment, impersonation, exclusion, or cyberstalking.

  • Cybersecurity -


    The measures taken to protect school networks, devices, and data against unauthorized access or use. 

  • Cybersecurity and Infrastructure Security Agency (CISA) -

    Cybersecurity and Infrastructure Security Agency (CISA)

    An agency of the U.S. Department of Homeland Security (DHS) that is responsible for leading the national effort to understand, manage, and reduce risk to cyber and physical infrastructure across all levels of government.

  • Cybersecurity Awareness Month -

    Cybersecurity Awareness Month

    Takes place in October each year since 2004 to bring recognition to the importance of protecting one’s data and technology from online threats. Founded as a collaborative effort between CISA and the NCA.

  • Data Breach -

    Data Breach

    The unauthorized access and exfiltration or retrieval of sensitive digital information by an individual, group, or other system.

  • Data Loss Prevention (DLP) -

    Data Loss Prevention (DLP)

    The practice of detecting and preventing data breaches and other unauthorized access to, exfiltration of, and/or destruction of data, especially sensitive data. 

  • Data Theft -

    Data Theft

    Unauthorized and illegal transfer of sensitive data, such as personal information or passwords.

  • Decryption -


    The process of decoding data that has been encrypted in order to make it understandable.

  • Digital Citizenship -

    Digital Citizenship

    Adherence to the set of rules, norms, and guidelines that define the proficient, polite, and legal usage of digital assets and programs.

  • Digital Forensics -

    Digital Forensics

    The investigation of digital evidence following a cybercrime.

  • Digital Safety -

    Digital Safety

    The solutions, policies, and practices a school has in place to limit risks and threats, including cyber threats and concerning student behavior.

  • DNS Filter/-ing -

    DNS Filter/-ing

    Uses the Domain Name System to recognize and block malicious websites and harmful or inappropriate content.

  • DNS Resolver -

    DNS Resolver

    A DNS lookup tool used to convert a host’s domain name into its IP address.

  • Domain Name System (DNS) -

    Domain Name System (DNS)

    The naming system that associates domain names with IP addresses.

  • Encryption -


    The process of converting text into code or cypher to make it unreadable by cyber criminals and other prying eyes.

  • Endpoint Protection -

    Endpoint Protection

    Security software and solutions designed to protect the assets that are the last touch point of their network, typically computers and other personal devices.

  • Exfiltration -


    The transfer of data to unauthorized, external individuals or servers, typically by a cyber thief or malware.

  • Firewall -


    A digital safety solution designed to restrict internet traffic coming to or from unsafe or unauthorized sources.

  • Friendly WiFi -

    Friendly WiFi

    The safe certification standard for public WiFi established by the U.S. government, the receipt of which requires blocking access to pornography and images and videos of child sexual abuse.

  • Hacker -


    A person who uses non-standard means to achieve a goal or overcome a technical obstacle, such as cyphering an organization’s encryption or bypassing their password protection.

  • Hashing -


    An algorithm used to make stored data unreadable and — unlike encryption — unable to be decoded. 

  • Information Sharing -

    Information Sharing

    The electronic or verbal exchange of data between organizations, people, or technologies.

  • Information Technology -

    Information Technology

    A general term for the computers, software and networks used by schools to access, store, and create digital resources and organize data and information.

  • Internet Filter/-ing -

    Internet Filter/-ing

    A solution that blocks access to malicious, suspicious, or blocklisted web sites.

  • Internet safety policy -

    Internet safety policy

    An organization’s established rules of engagement for safe online use, including any safety solutions or other protective measures the organization has put in place.

  • Internet Watch Foundation ("IWF") -

    Internet Watch Foundation ("IWF")

    A UK-based, not-for-profit organization that exists to help child victims of sexual abuse by “hunting down and removing any online record of the abuse.”

  • Interoperability -


    The ability of distinct systems, devices, applications or products to connect and exchange information without assistance from the end user.

  • IP Address -

    IP Address

    A unique set of numbers that identifies a device using the internet.

  • JavaScript code -

    JavaScript code

    Code written in the JavaScript language, which enables coders to create dynamically updating content, control multimedia, animate images, and more.

  • Keeping Children Safe in Education (KCSiE) -

    Keeping Children Safe in Education (KCSiE)

    Statutory guidance from the U.K. Department for Education (DfE) that explains the legal duties of schools to safeguard and promote the well-being of children under the age of 18. It includes hiring and training guidelines, among others.

  • Keystroke Monitoring -

    Keystroke Monitoring

    The use of software to track and log all keyboard activity by a user, across web browsers, emails, applications, and other programs. Schools may use it to track concerning student conversations and behavior, such as those that imply cyberbullying, self-harm, or other acts of violence.

  • Malware -


    Short for “malicious software.” Any software designed to damage, destroy, or steal data from a device or computer system. 

  • Mitigation -


    The policies, solutions, and processes a school uses to prevent security breaches and reduce their harmful effects.

  • National Cybersecurity Alliance (NCA) -

    National Cybersecurity Alliance (NCA)

    A non-profit organization that advocates for and educates people on the safe use of technology. The NCA facilitates communication and partnerships between governments and corporations.

  • Network -


    Two or more digital devices that are connected and can communicate, either through a wired or wireless connection.

  • Nework Resilience -

    Network Resilience

    The ability of a network to continue providing an acceptable level of operation even when disruptions or challenges are present. 

  • Off-Network Filter/-ing -

    Off-Network Filter/-ing

  • Passive Attack -

    Passive Attack

    A cyber attack that involves spying on the victim, for example by monitoring unencrypted messages like emails being sent to and from the victim, analyzing the metadata transmitted in a victim’s network traffic, or scanning a device for vulnerabilities.

  • Password -


    A set of characters used to gain access to a digital device, application, or other system.

  • Personal Identifying Information (PII) -

    Personal Identifying Information (PII)

    Personal information that can be used alone or in conjunction with other information to identify an individual. Can be sensitive (e.g. name and Social Security number) or non-sensitive (e.g. zip code).

  • Phishing -


    A scam in which a cyber actor tricks an internet user into downloading malware and/or providing PII, financial, or other confidential information. Phishing scams are often delivered via email.

  • Phishing Drill -

    Phishing Drill

    A security measure in which a school creates their own phishing email and distributes it to staff to discover and educate anyone who falls for the scam.

  • Preparedness -


    The strategic process of ensuring a school or school system has developed, tested, and validated its capability to prevent, mitigate, and recover from a cyber incident.

  • Ransomware -


    A type of malware that locks up the victim’s data under threat of deletion or indefinite lockdown until a monetary ransom is paid, typically in cryptocurrency.

  • Real-Time -


    Typically refers to operations that occur near-instantly, such as the processing of data or communications.

  • Recovery -


    The process of maintaining or regaining basic operations following a cyber incident, such as by restoring systems using backups.

  • Redundancy -


    The act of having multiples of critical data and infrastructure, such as data backups, additional power supply, and additional hardware components in case of emergency or outage.

  • Response Plan -

    Response Plan

    A school or school system’s documented procedures for identifying, responding to, and recovering from a cyber incident.

  • Risk Assessment -

    Risk Assessment

    The process of identifying and prioritizing any risks to a school or school system’s operations, assets, or individuals.

  • SafeSearch -


    An optional Google Search and Google Images feature that acts as an automated filter of potentially offensive and inappropriate content.

  • Secure DNS server -

    Secure DNS server

    A DNS Server that checks the IP addresses of incoming web traffic to determine whether it’s malicious or safe.

  • Software -


    Instructions that tell a computer what to do, comprising all applications, protocols, and processes used on a device.

  • Span -


    Unsolicited messages sent to a large number of people, often via email or text, and typically for commercial gain.

  • Spoofing -


    Disguising a communication as being from a source the recipient knows and trusts, such as by mimicking a colleague or financial institution’s email address.

  • Spyware -


    Malicious software that gather and exfiltrates data from a device without the user’s knowledge or permission.

  • System Administration -

    System Administration

    The act of maintaining all infrastructure and IT systems for a school or school system.

  • The Prevent Duty -

    The Prevent Duty

    The duty of people in positions of power, such as school administrators and teachers, to keep students and other people safe from the threat of terrorism, specifically by preventing people from being drawn into terrorist organizations or ideals. 

  • Threat -


    A malicious digital act that seeks to disrupt digital operations, steal data, or damage data. Examples include malware, viruses, Denial of Service (DoS) attacks, and other cyber attacks.

  • Threat Actor -

    Threat Actor

    The cyber criminal(s) who are responsible for creating and/or launching the threat.

  • Threat Assessment -

    Threat Assessment

    A process for evaluating and assessing the likelihood of perceived cyber threats against a school or school system.

  • Threat Intelligence -

    Threat Intelligence

    A process for understanding a threat actor’s motives, targets, and attack behaviors using data from previous attacks.

  • Trojan Horse -

    Trojan Horse

    A type of malware that is usually disguised as a legitimate computer program but has the ability to damage and/or steal data from the infected system.

  • Unauthorized Access -

    Unauthorized Access

    The act of gaining entry to a computer network, application, file, or other resource(s) without permission.

  • Uniform Resource Locator (URL) -

    Uniform Resource Locator (URL)

    A web page or document’s digital address.

  • URL filter/-ing -

    URL filter/-ing

    A type of web filter that compares all incoming web traffic against a URL filtering database in order to determine whether it should permit or deny access.

  • Virus -


    A computer program that can replicate itself and infect a device without the user’s knowledge or permission, typically in order to corrupt or delete data.

  • Vulnerability -


    Any weakness in a school or school system’s IT that can be exploited by threat actors.

  • Web Filter -

    Web Filter

    Software that restricts what websites a user can access, for example by blocking suspicious websites as well as websites that have been deemed inappropriate by a System Administrator or other leader.

  • Zero-day threats -

    Zero-day threats

    Malware or other threats that take advantage of software or hardware vulnerabilities that the product’s makers haven’t yet discovered or fixed.