Information Technology Glossary

TERM: DEFINITION
Access control: A process or method of limiting access to system objects and resources to authorized principals; enforcement of specified authorization rules based on positive identification of users and the systems or data they are permitted to access; providing access to authorized users while denying access to unauthorized users.
Access control list (ACL): A table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program).
Active: When referring to business records, “active” records are those used in the conduct of current business. Active records are often referred to as “production” records.
Archive: Storing records offline (onto backup tapes, floppy disks, optical disks, etc.). Also, files containing data no longer in current use but kept in long-term storage (for possible future needs, such as fulfilling legal requirements or being in compliance).
Business continuity: Uninterrupted stability of systems and operational procedures; or, the degree to which an organization achieves uninterrupted stability.
Cold boot: Start a computer (CPU) from its powered-down (off) state; also referred to as a “hard boot”.
Computer security incident response team (CSIRT): A team of computer technicians whose purpose is to respond to security incidents. Their response may vary according to the seriousness of the event, the risk of further or additional damage, and the type of coordination and notification required.
Designated approving authority (DAA): A person empowered to act (e.g., indicate approval) on behalf of an IT system or subsystem.
Extranet: An intranet that is accessible to authorized outsiders; a collaborative network that uses Internet technology to link businesses with their suppliers, customers, or other businesses that share common goals.
Gap analysis: 1. The process of determining, documenting, and approving the variance between business requirements and system capabilities. 2. Determining and analyzing the difference between where you are (point A) and where you want to be (point B), to understand the root causes and figure out the best method of getting from point A to point B.
Internal user: An employee or contractor using Company IT assets in the course of performing a job (task) for the Company.
Internet: The international computer network of networks that connects government, academic, and business institutions; the Internet (capitalized) refers specifically to the DARPA Internet and the TCP/IP protocols it uses.
Intranet: A private network contained within an enterprise; an organizational network that uses Web technologies for the sharing of information internally.
IT asset: Any computer hardware, software, or reference or other supporting material (in printed or other form), including rights and licenses, that is owned or controlled by the Company.
IT disaster: A sudden, significant event that may result in the loss or destruction of company information and/or loss of service on the company’s IT network or intranet.
Malware: Short for “malicious software”; malware is designed to damage, disrupt, or abuse an individual computer or an entire network and/or steal or corrupt an organization’s most valuable and sensitive data. Viruses, worms, and Trojan horses are examples of malware.
Multi Router Traffic Grapher (MRTG): A tool for monitoring traffic load on network links. MRTG generates HTML pages containing graphical images, which provide a live visual representation of traffic.
Network attached storage (NAS): Hard disk storage set up with its own network address rather than being attached to the department computer serving applications to a network’s workstation users.
Network scan: Scanning a computer network (with specialized scanning software) to detect the presence or absence of computer hardware or software, check configurations, verify software versions, look for security patches, inspect for vulnerabilities, etc.
Phishing: A type of security attack that relies on social engineering. The victim is tricked into revealing sensitive information, based on the human tendency to believe in the security of a brand name because they associate the brand name with trustworthiness.
Production environment: The database, equipment, documentation, and procedures used in support of live business operations; see “test environment”.
RAID: Redundant Array of Independent Disks; a method of storing the same data in different places (thus, redundantly) on multiple hard disks.
Random sampling: A sampling technique whereby a group of subjects (a sample) is selected for study from a larger group (a population), each subject is chosen entirely by chance, and each member of the population has a known, but possibly non-equal, chance of being included in the sample. By using random sampling, the likelihood of bias should be reduced.
Reboot: Restart a computer, either by warm booting or cold booting.
Record: In IT, a record is a data structure aggregating several items of possibly different types. The items being aggregated are called fields and are usually identified or indexed by field labels.
Request for proposal (RFP): A document that an enterprise sends to a vendor, inviting the vendor to submit a bid for hardware, software, services, or any combination of the three. An organization will typically issue several RFPs to obtain and evaluate competing bids.
Risk: Possibility of losing availability, integrity, or confidentiality of IT assets due to a specific threat. Also, the product of threat level and vulnerability level (threat x vulnerability = risk).
Risk assessment: The process by which risks are identified and their impact is determined.
Service level agreement (SLA): A binding contract, formally specifying or quantifying a customer’s expectations with regard to solutions and tolerances; a collection of service level requirements, negotiated and mutually agreed upon by the service provider and the consumer.
Smart card: Typically, a credit-card-sized device with a small, embedded computer chip. This card-computer can be programmed to perform tasks and store information. A smart card is inserted into a smart card reader (commonly called a card terminal), which makes the PC or other smart-card-enabled device available to the user. The smart card is being considered by some organizations as a substitute for password security.
Social engineering: The act of obtaining or attempting to obtain otherwise secure data by tricking an individual into revealing secure information. Social engineering is successful because its victims innately want to trust other people and are naturally helpful. Also see “phishing”.
Spam: Unsolicited commercial e-mail sent in bulk over the Internet. A frequent malware vector, spam puts a cost and a burden on recipients by clogging up network bandwidth, consuming disk space, and wasting employee time.
Spoofing: Forging an e-mail header to make it appear as if it came from somewhere or someone other than the actual source. The main protocol used in sending e-mail – SMTP – does not include a way to authenticate the sender. There is an SMTP service extension (RFC 2554) that allows an SMTP client to negotiate a security level with a mail server. But if this precaution is not taken, anyone with the know-how can connect to the server and use it to send spoofed messages by altering the header information. Also see phishing, social engineering.
Statement of work (SOW): A formal contract or agreement, signed by the client and the service provider, that states at a minimum the scope of work, deliverables, terms and conditions, and commercial details. It typically also specifies service level agreement requirements, quality expectations, resource descriptions, and reward-penalty clauses.
Statistically significant: A finding (the observed difference between the means of two random samples, for example) is described as statistically significant when it can be demonstrated that the probability of obtaining such a difference by chance alone is relatively low.
Storage area network (SAN): A high-speed, special-purpose network or subnetwork connecting different kinds of IT storage devices with data servers on behalf of a large network of users.
Storage media: In computers, a storage medium is any technology (including devices and materials) used to place, keep, and retrieve data. The term “storage medium” usually refers to secondary storage, such as a hard disk or tape.
Subscription service: A service whereby a software vendor offers support for its product, usually for a predetermined time period. For example, anti-virus vendors typically include a one-year subscription (for updates, notices, etc.) with the purchase of a product license. Many vendors also offer fee-based subscription services whereby subscribers automatically receive notifications, security bulletins, etc., related to their products for a set period of time.
System administration: Activities that directly support the operations and integrity of computing systems and their use, and that manage their intricacies. These activities may include – but are not limited to – system installation, configuration, integration, maintenance, performance management, data management, security management, failure analysis and recovery, and user support.
Systems analysis: Work that involves applying analytical processes to the planning, design, and implementation of new and improved information systems to meet the business requirements of customer organizations; the phase of the SDLC in which the current system is studied and alternative replacement systems are proposed.
Systems development life cycle (SDLC): A method for developing information systems, made up of five main stages: analysis, design, development, implementation, and evaluation. Each stage comprises several components (for example, the development stage includes programming, debugging, testing, and documenting).
Target: The ultimate goal or destination of an intentional security threat. Workstations, servers, and databases are typical threat targets.
Test environment: Where applications, systems, etc., are tested for accuracy, suitability, and performance prior to installation in a “live” or “production” environment.
Threat: Expression of intent to inflict evil, injury, or damage. A potential security violation. May be physical or electronic in nature.
Threat assessment: A process by which an organization identifies the kinds of threats its IT network might be vulnerable to and where the network is most vulnerable.
Threat model: Detailed description of a given threat and the type and degree of harm it may cause to any portion of an IT network. In other words, a threat model describes what the threat is, what it does, and how it does it.
Total cost of ownership (TCO): The total price in money, time, and resources of owning and using resources; the purchase price of a product and its transportation cost, plus indirect handling, inspection, quality, rework, maintenance, and all other “follow-on” costs associated with the purchase, including costs of disposal.
Troubleshoot: Isolate the source of a problem and fix it; a process of elimination, whereby possible sources of the problem are investigated and eliminated, beginning with the most obvious or easiest problem to fix.

In computer systems, the term troubleshoot is often used when the problem is thought to be hardware-related; if the problem is software-related, the term debug usually applies.

Vector: How a threat (virus, worm, etc.) reaches its target. For example, e-mail is a common malware vector.
Vulnerability: Flaw or weakness in a system’s design, implementation, or operation and management that may be exploited.
Warm boot: Restart a computer by way of its operating system (e.g., press “Control-Alt-Delete” to restart a Windows OS). Warm booting normally returns a Windows computer to its initial state without shutting it off.