Glossary
Digital Transformation
A strategic process in which nations adopt and integrate digital technologies into existing operations and services.
Stakeholders
Individuals and entities invested in the decisions, activities and outcomes of a Digital Transformation initiative.
Civil Registration and Vital Statistics (CRVS)
A well-functioning civil registration and vital statistics (CRVS) system registers all births and deaths, issues birth and death certificates, and compiles and disseminates vital statistics, including cause of death information. It may also record marriages and divorces.
Software Bill of Materials (SBOM)
A list of all the open source and third-party components present in a codebase. An SBOM also lists the licenses that govern those components, the versions of the components used in the codebase, and their patch status, which allows security teams to quickly identify any associated security or license risks.
Digital Public Goods (DPGs)
Public goods in the form of software, data sets, AI models, standards or content that are generally free cultural works and contribute to sustainable national and international digital development designed to serve the public interest. DPGs are often characterized by their accessibility and affordability. Digital public goods work like digital treasures available for everyone to use and enjoy. Think of a large library that, instead of books, is packed with digital objects such as software, datasets, and other useful resources. What sets these items apart is that they are free and available for all to use. Several international agencies, including UNICEF and UNDP, are exploring DPGs as a possible solution to address the issue of digital inclusion, particularly for children in emerging economies. Visit https://digitalprinciples.org/ for more information.
Penetration Test (Pen Test)
An authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The test is performed to identify weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system’s features and data, as well as strengths, enabling a full risk assessment to be completed.
Common Vulnerabilities and Exposures (CVE)
A weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability. Mitigation of the vulnerabilities in this context typically involves coding changes, but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety).
Continuous Integration and Continuous Delivery or Deployment (CI/CD)
A set of practices in software development that aims to speed up and streamline the software development lifecycle. CI/CD is a key part of DevOps, which encourages collaboration between operations and development teams. Platforms such as GitLab and GitHub are examples of CI/CD tools.
DevSecOps (Development, Security, Operations)
An examination of the deployment strategies, security measures, and operational best practices to ensure a secure and efficient delivery and operation of the application. A practice in application security that involves introducing security earlier in the software development life cycle. It also expands the collaboration between development and operations teams to integrate security teams in the software delivery cycle and workflow of continuous integration and continuous delivery (CI/CD).
Application Programming Interface (API)
A way for two or more computer programs to communicate with each other. It simplifies software development by enabling applications to exchange data and functionality easily and more securely by providing a set of definitions and protocols to build and integrate application software.
Content-Security-Policy (CSP)
The name of an HTTP response header that modern browsers use to enhance the security of the document (or web page). The Content-Security-Policy header allows you to restrict which resources (such as JavaScript, CSS, images, etc.) can be loaded, and the URLs that they can be loaded from.
Open Web Application Security Project (OWASP)
The Open Web Application Security Project, or OWASP, is an international non-profit organization dedicated to web application security.
OpenID Connect (OIDC)
OpenID Connect (OIDC) is an open authentication protocol that works on top of the OAuth 2.0 framework. Targeted toward consumers, OIDC allows individuals to use single sign-on (SSO) to access relying party sites using OpenID Providers (OPs), such as an email provider or social network, to authenticate their identities. It provides the application or service with information about the user, the context of their authentication, and access to their profile information.