Glossary beginning with R

Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand.

A natural or legal person, public authority, agency, or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients.

A pseudonym that is used in regard to a specific communication partner (e.g., distinct nicknames for different communication partners).

The property of a system, organisation or individual to take corrective action and/or provide a remedy for any party harmed in case of failure to comply with its governing norms.

The act of mitigating a vulnerability or a threat.

Any of the methods available at law for the enforcement, protection or recovery of rights or for obtaining redress for their infringement (judicial/administrative).

An expectation about an entity's behavior based on information about or observations of its past behaviour. It is a form of social control in the context of trust propagation. In a multi-agent system, reputation is the voice the agent is spreading which is not necessarily the truth while image is the actual reputation the agent has for the subject.

The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

The property of an organisation or individual in relation to an object, process or system of being assigned to take action to be in compliance with the norms.

The property of a system, organisation or individual to take into account input from external stakeholders and respond to queries of these stakeholders.

It is the right for any data subject to obtain from the controller of a processing operation the confirmation that data related to him/her are being processed, the purpose(s) for which they are processed, as well as the logic involved in any automated decision process concerning him or her.

Everyone has the right to know that their personal data are processed and for which purpose. The right to be informed is essential because it determines the exercise of other rights. The right of information refers to the information which shall be provided to a data subject whether or not the data have been obtained from the data subject. The information which must be provided relates to the identity of the controller, the purpose(s) of the processing, the recipients, as well as the existence of the right of access to data and the right to rectify the data. The right of information for the person concerned is limited in some cases, such as for public safety considerations or for the prevention, investigation, identification and prosecution of criminal offences, including the fight against money laundering.

It is the right to obtain from the controller the rectification without delay of inaccurate or incomplete personal data.

The right to object has two meanings. First, it is the general right of any data subject to object to the processing of data relating to him or her, except in certain cases such as a specific legal obligation. Where there is a justified objection based on legitimate grounds relating to his or her particular situation, the processing in question may no longer involve those data. It also refers to the specific right of any data subject to be informed, free of charge, before personal data are first disclosed to third parties or before they are used on their behalf for the purposes of direct marketing, and to object to such use without justification.

A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of 1) the adverse impacts that would arise if the circumstance or event occurs; and 2) the likelihood of occurrence.

Systematic use of information to identify sources and to estimate risk.

Overall process of risk analysis and risk evaluation

Activity to assign values to the probability and consequences of a risk.

Process of comparing the estimated risk against given risk criteria to determine the significance of the risk.

Coordinated activities to direct and control an organization with regard to risk.

A pseudonym that is chosen for the use in a specific role (e.g., patient or customer).

A pseudonym that is used for a specific combination of a role and communication partner.

A constraint on a system specification.