Appendix B: Glossary
A

Administrator Privileges - Allow computer system access to resources that are unavailable to most users. Administrator privileges permit execution of actions that would otherwise be restricted.

C

Change Management - The broad processes for managing organizational change. Change management encompasses planning, oversight or governance, project management, testing, and implementation.

D

Database - A collection of data that is stored on any type of computer storage medium and may be used for more than one purpose.

Distributed Environment - A computer system with data and program components physically distributed across more than one computer.

E

Enterprise Network - The configuration of computer systems within an organization. Includes local area networks (LANs), wide area networks (WANs), bridges, applications, etc.

F

Flowcharts - Traditional flowcharts involve the use of geometric symbols, such as diamonds, ovals, and rectangles, to represent the sequencing of program logic. Software packages are available that automatically chart programs or enable a programmer to chart a program without the need to draw it manually.

Functional Requirements - The business, operational, and security features an organization wants included in a program.

I

Implementation Plan - A plan that details project management requirements and issues to be addressed during the period between the execution of an outsourcing agreement and the full production use of the outsourced services.

L

LAN - Local Area Network.

Life-Cycle Process - The multi-step process that starts with the initiation, analysis, design, and implementation, and continues through the maintenance and disposal of the system.

M

Metrics - A quantitative measurement.

Milestone - Major project event.

N

Network - Two or more computer systems that are grouped together to share information, software, and hardware.

O

Object Code - Software program instructions compiled (translated) from source code into machine-readable formats.

Operating System - A system that supports and manages software applications. Operating systems allocate system resources, provide access and security controls, maintain file systems, and manage communications between end users and hardware devices.

Outsourcing - The practice of contracting with another entity to perform services that might otherwise be conducted in-house. Contracted relationship with a third party to provide services, systems, or support.

P

Patch - Software code that replaces or updates other code. Frequently patches are used to correct security flaws.

Phase - A project segment.

Project - A task involving the acquisition, development or maintenance of a technology product.

R

Risk Management - The total process required to identify, control, and minimize the impact of uncertain events. The objective of a risk management program is to reduce risk and obtain and maintain appropriate management approval.

S

Sandbox - A restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.

Script - A file containing active content; for example, commands or instructions to be executed by the computer.

Security Log - A record that contains login and logout activity and other security-related events and that is used to track security-related information on a computer system.

Source Code - Software program instructions written in a format (language) readable by humans.

Spiral Development - An iterative project management model that focuses on the identification of project and product risks and the selection of project management techniques that best control the identified risks.

SQL Injection Attack - An exploit of target software that constructs Structured Query Language (SQL) statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as the ability to add or modify data in the database.

Systems Development Life Cycle (SDLC) Process - The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.

V

Vulnerability - A hardware, firmware, or software flaw that leaves an information system open to potential exploitation; a weakness in automated system security procedures, administrative controls, physical layout, internal controls, etc., that could be exploited to gain unauthorized access to information or to disrupt critical processing.

Z

Zero-Day Attack - An attack on a piece of software that has a vulnerability for which there is no known patch.