IT Booklets, Operations Booklet: Appendix B: Glossary
A

Access - The ability to physically or logically enter or make use of an IT system or area (secured or unsecured). The process of interacting with a system.

Administrator privileges - Computer system access to resources that are unavailable to most users. Administrator privileges permit execution of actions that would otherwise be restricted.

Air-gapped environment - A security measure that isolates a secure network from unsecure networks physically, electrically, and electromagnetically.

Asset - In computer security, a major application, general-support system, high-impact program, physical plant, mission-critical system, personnel, equipment, or a logically related group of systems.

B

Baseline configuration - A set of specifications for a system, or configuration item (CI) within a system, that has been formally reviewed and agreed on at a given point in time and that can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, or changes.

Border router - A device located at the organization's boundary to an external network.

C

Change management - The broad processes for managing organizational change. Change management encompasses planning, oversight or governance, project management, testing, and implementation.

Critical system (infrastructure) - The systems and assets, whether physical or virtual, that are so vital that their incapacity or destruction may have a debilitating impact.

Cyber event - A cybersecurity change or occurrence that may have an impact on organizational operations (including mission, capabilities, or reputation).

D

Data center - A facility that houses an institution's most important information systems components, including computer systems, telecommunications components, and storage systems.

Data loss prevention (DLP) - A comprehensive approach (covering people, processes, and systems) of implementing policies and controls designed specifically to discover, monitor, and protect confidential data wherever it is stored, used, or in transit over the network and at the perimeter.

Database - A collection of data that is stored on any type of computer storage medium and may be used for more than one purpose.

Direct access storage device (DASD) - A magnetic disk storage device historically used in mainframe environments. DASD may also include hard drives used in personal computers.

DSL - Digital subscriber line. A technology that uses existing copper telephone lines and advanced modulation schemes to provide high-speed telecommunications to businesses and homes.

E

Encryption - A data security technique used to protect information from unauthorized inspection or alteration. Information is encoded so that the data appears as a meaningless string of letters and symbols during delivery or transmission. Upon receipt, the information is decoded using an encryption key.

End-of-life - All software products have life cycles. End-of-life refers to the date when a software development company no longer provides automatic fixes, updates, or online technical assistance for the product.

Enterprise network - The configuration of computer systems within an organization. Includes local area networks (LANs), wide area networks (WANs), bridges, applications, etc.

External connections - An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.

F

Fibre Channel - A high-performance serial link supporting its own protocol as well as higher-level protocols such as the small computer system interface (SCSI), the high performance parallel interface framing protocol, and the intelligent peripheral interface. The Fibre Channel standard addresses the need for very fast transfers of large amounts of information. The fast (up to 1 gigabyte per second) technology can be converted for LAN technology by adding a switch, specified in the Fibre Channel standard, that handles multipoint addressing. Fibre Channel gives users one port that supports both channel and network interfaces, relieving computers of large numbers of input and output (I/O) ports. Fibre Channel provides control and complete error checking over the link.

Firewall - A hardware or software link in a network that relays only data packets clearly intended and authorized to reach the other side.

Frame relay - A high-performance WAN protocol that operates at the physical and data link layers of the Open Systems Interconnect (OSI) reference model. Frame relay is an example of a packet-switched technology. Packet-switched networks enable end stations to dynamically share the network medium and the available bandwidth. Frame relay uses existing T-1 and T-3 lines and provides connection speeds from 56 Kbps to T-1.

FTP (file transfer protocol) - A standard high-level protocol for transferring files from one computer to another, usually implemented as an application-level program.

H

HBA - Host bus adapter. A host bus adapter provides I/O processing and physical connectivity between a server and storage. As the only part of a storage area network that resides in a server, the HBA also provides a critical link between the storage area network and the operating system and application software.

Hub - A simple device that passes all data traffic in both directions between the LAN sections it links. Hubs forward every message they receive to the other sections of the LAN, even those that do not need to go there.

HVAC - Heating, ventilation, and air conditioning.

Hypervisor - A piece of software that provides abstraction of all physical resources (such as central processing units, memory, network, and storage) and thus enables multiple computing stacks (consisting of an operating system, middleware, and application programs), called virtual machines, to be run on a single physical host.

I

I/O - Input/output.

Infrastructure - Describes what has been implemented by IT architecture and often includes support facilities such as power, cooling, ventilation, server and data redundancy and resilience, and telecommunications lines. Specific architecture types may exist for the following: enterprise, data (information), technology, security, and application.

Internet service provider (ISP) - A company that provides its customers with access to the Internet (e.g., AT&T, Verizon, CenturyLink).

Intrusion detection system (IDS) - Software/hardware that detects and logs inappropriate, incorrect, or anomalous activity. IDSs are typically characterized based on the source of the data they monitor: host or network. A host-based IDS uses system log files and other electronic audit data to identify suspicious activity. A network-based IDS uses a sensor to monitor packets on the network to which it is attached.

iSCSI - Internet small computer system interface. An Internet protocol based storage networking standard for linking data storage facilities, used to facilitate data transfers over intranets and to manage storage over long distances.

ISDN - Integrated systems digital networking. A hierarchy of digital switching and transmission systems that provides voice, data, and image in a unified manner. ISDN is synchronized so that all digital elements communicate in the same protocol at the same speed.

L

LAR - Legal amount recognition. The handwritten dollar amount of the check.

M

Mainframe - An industry term for a large computer, typically used for the commercial applications of businesses and other large-scale computing purposes. Generally, a mainframe is associated with centralized rather than distributed computing.

Media - Physical objects that store data, such as paper, hard disk drives, tapes, and compact disks (CDs).

Midrange - Computers that are more powerful and capable than personal computers but less powerful and capable than mainframe computers.

MIPS - Millions of instructions per second. A general measure of computing performance and, by implication, the amount of work a larger computer can do.

Mirroring - A process that copies data to multiple disks over a computer network in real time or close to real time. Mirroring reduces network traffic, ensures better availability of the website or files, or enables the site or downloaded files to arrive more quickly for users close to the mirror site.

MIS - Management information systems. A general term for the computer systems in an enterprise that provide information about its business operations.

Mobile device - A portable computing and communications device with information-storage capability. Examples include notebook and laptop computers, cellular telephones and smart phones, tablets, digital cameras, and audio recording devices.

N

NAS - Network attached storage. Hard disk storage set up with its own network address rather than being attached to the department computer that is serving applications to a network's workstation users. By removing storage access and its management from the department server, both application programming and files can be served faster because they are not competing for the same processor resources. The network-attached storage device is attached to a local area network (typically, an Ethernet network) and assigned an IP address. File requests are mapped by the main server to the NAS file server.

National Institute of Standards and Technology (NIST) - An agency of the U.S. Department of Commerce that works to develop and apply technology, measurements, and standards. NIST developed a voluntary cybersecurity framework based on existing standards, guidelines, and practices for reducing cyber risks to critical infrastructures.

Network - Two or more computer systems grouped together to share information, software, and hardware.

Network administrator - The individual responsible for the installation, management, and control of a network.

Network diagram - A description of any kind of locality in terms of its physical layout. In the context of communication networks, a topology describes pictorially the configuration or arrangement of a network, including its nodes and connecting communication lines.

O

Operating system - A system that supports and manages software applications. Operating systems allocate system resources, provide access and security controls, maintain file systems, and manage communications between end users and hardware devices.

Outsourcing - The practice of contracting with another entity to perform services that might otherwise be conducted in-house. A contracted relationship with a third party to provide services, systems, or support.

P

Patch - Software code that replaces or updates other code. Frequently, patches are used to correct security flaws.

PBX - Private branch exchange. A telephone system within an enterprise that switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines.

Penetration test - The process of using approved, qualified personnel to conduct real-world attacks against a system to identify and correct security weaknesses before they are discovered and exploited by others.

Platform - The underlying computer system on which application programs run. A platform consists of an operating system (the computer system's coordinating program, which in turn is built on the instruction set for a processor or microprocessor) and the hardware that performs logic operations and manages data movement in the computer.

POD - Proof of deposit. The verification of the dollar amount written on a negotiable instrument being deposited.

POTS - Plain old telephone system. Basic telephone service.

Privileged access - Individuals with the ability to override system or application controls.

R

RAID - Redundant array of independent disks. The use of multiple hard disks to store the same data in different places. By placing data on multiple disks, I/O operations can overlap in a balanced way, improving performance. Since multiple disks increase the mean time between failures (MTBF), storing data redundantly also increases fault tolerance.

Real-time network monitoring - Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access.

Recovery site - An alternate location for processing information (and possibly conducting business) in an emergency. Usually distinguished as "hot" sites, which are fully configured centers with compatible computer equipment, and "cold" sites, which are operational computer centers without the computer equipment.

Remote access - The ability to obtain access to a computer or network from a remote location.

Remote deposit capture (RDC) - A service that enables users at remote locations to scan digital images of checks and transmit the captured data to a financial institution or a merchant that is a customer of a financial institution.

Removable media - Portable electronic storage media, such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device and which are used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar storage devices.

Risk assessment - A prioritization of potential business disruptions based on severity and likelihood of occurrence. The risk assessment includes an analysis of threats based on the impact to the institution, its customers, and financial markets, rather than the nature of the threat.

Rlogin - Remote login. A UNIX utility that allows a user to log in to a remote host on a network, as if it were directly connected, and make use of various services. Remote login is an information exchange between network-connected devices where the information cannot be reliably protected end-to-end by a single organization's security controls.

Rogue wireless access - An unauthorized wireless node on a network.

S

Sandbox - A restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.

SAS 70 report - An audit report of a servicing institution prepared in accordance with guidance provided in the American Institute of Certified Public Accountants' Statement of Auditing Standards Number 70.

Scalability - A term that refers to how well a hardware and software system can adapt to increased demands. For example, a scalable network system would be one that can start with just a few nodes but can easily expand to thousands of nodes. Scalability can be a very important feature because it means the entity can invest in a system with confidence that it will not quickly outgrow it.

SCSI - Small computer systems interface (pronounced "scuzzy"). A standard way of interfacing a computer to disk drives, tape drives, and other devices that require high-speed data transfer. Also, a secondary SAN protocol that allows computer applications to talk to storage devices.

Security log - A record that contains login and logout activity and other security-related events and that is used to track security-related information on a computer system.

Server - A computer or other device that manages a network service. An example is a print server, which is a device that manages network printing.

Service level agreement (SLA) - A formal document between an institution and its third-party provider that outlines the institution's predetermined requirements for a service and establishes incentives to meet, or penalties for failure to meet, the requirements. SLAs should specify and clarify performance expectations, establish accountability, and detail remedies or consequences if performance or service quality standards are not met.

SQL injection attack - An exploit of target software that constructs structured query language (SQL) statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as the ability to add or modify data in the database.

Storage area network (SAN) - A high-speed special-purpose network (or sub-network) that connects different types of data storage devices with associated data servers on behalf of a larger network of users.

Storage virtualization - The process of taking many different physical storage networks and devices and making them appear as one "virtual" entity for purposes of management and administration.

Switch - A device that connects more than two LAN segments that use the same data link and network protocol.

System administration - The process of maintaining, configuring, and operating computer systems.

T

T-1 line - A special type of telephone line for digital communication and transmission. T-1 lines provide for digital transmission with a signaling speed of 1.544 Mbps (1,544,000 bits per second). This is the standard for digital transmissions in North America. Usually delivered on fiber optic lines.

TCP/IP - Transmission control protocol/Internet protocol. A communication standard for transmitting data packets from one computer to another. TCP/IP is used on the Internet and other networks. The two parts of TCP/IP are TCP, which deals with the construction of data packets, and IP, which routes them from machine to machine.

Telnet - An interactive, text-based communications session between a client and a host. It is used mainly for remote login and simple control services to systems with limited resources or to systems with limited needs for security.

Threat intelligence - The acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities that offer courses of action to enhance decision-making.

Total cost of ownership (TCO) - The true cost of ownership of a computer or other technology system, which includes the original cost of the computer and software, hardware and software upgrades, maintenance, technical support, and training.

Trusted zone - A channel in which the end points are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may also be protected in transit. Examples include secure sockets layer (SSL), Internet protocol security (IPsec), and a secure physical connection.

U

US-CERT - The U.S. Computer Emergency Readiness Team, part of the U.S. Department of Homeland Security's National Cybersecurity and Communications Integration Center. US-CERT is a partnership between the Department of Homeland Security and the public and private sectors, established to protect the nation's Internet infrastructure. US-CERT coordinates defense against and responses to cyber attacks across the nation.

V

VESDA - Very early smoke detection alert. A system that samples the air on a continuing basis and can detect fire at the pre-combustion stage.

Virtual machine - A software emulation of a physical computing environment.

Virtual private network (VPN) - A computer network that uses public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.

VOIP - Voice over Internet protocol. A term used in IP telephony for a set of facilities for managing the delivery of voice information using the Internet Protocol.

Vulnerability - A hardware, firmware, or software flaw that leaves an information system open to potential exploitation; a weakness in automated system security procedures, administrative controls, physical layout, internal controls, etc., that could be exploited to gain unauthorized access to information or to disrupt critical processing.

W

Workstation - Any computer connected to a local-area network.

WORM - Write once, read many times. A type of optical disk on which a computer can save information once and can then read that information, but cannot change it.

Z

Zero-day attack - An attack on a piece of software that has a vulnerability for which there is no known patch.