We make technology work for the City Erin Devoto, Director

Information Security

glossary

Glossary A


This glossary contains industry standard and City specific IT terminology. The glossary should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.

Abend / Application Crash
Abort
Access
Access Control
Access Rights
Accidental Damage
ADSL
Ad Hoc Connectivity
Ad Hoc Device
Ad Hoc User
Analog, Analogue
ANSI
Anti-Virus Program
Archive
Audit Log
Audit Trail
Auditor
Authentication
Authorization
Availability


Abend / Application Crash
Abend (derived from 'abnormal end') is when an application program aborts, or terminates abruptly and unexpectedly. One of the prime reasons for thorough testing of an organization's application systems is to verify that the software works as expected. A significant risk to your data is that, if an application crashes, it can also corrupt the data file which was open at the time.


Abort
A computer is simultaneously running multiple programs, each of which requires the execution of a number of processes, often simultaneously. However, processes will usually interact with other processes and, due to the differences in hardware and load on the system, will execute at varying speeds. A process may abort when it fails to receive the expected input, or is unable to pass the output to a linked process. When a process aborts, it has the same effect as though that process had crashed. Poorly written applications may freeze/hang when one or more processes abort.


Access
There are two types of access: Physical and Logical.

  • Physical Access. The process of obtaining use of a computer system, for example by sitting down at a keyboard, or of being able to enter specific area(s) of the Organization where the main computer systems are located.
  • Logical Access. The process of being able to enter, modify, delete, or inspect records and data held on a computer system by means of providing an ID and password (if required). The view that restricting physical access relieves the need for logical access restrictions is misleading. Any Organization with communications links to the outside world has a security risk of logical access. Hackers do not, generally, visit the sites they are hacking in person; they do it from a distance!
     


Access Control
Physical, procedural, and/or electronic mechanism which ensures that only those who are authorized to view, update, and/or delete data can access that data.


Access Rights
The powers granted to users to create, change, delete, or simply view data and files within a system, according to a set of rules defined by IT and business management. It is not necessarily true that the more senior a person, the more power is granted. For example, most data capture, essentially creating new files or transactions, is performed at a relatively junior level, and it is not uncommon for senior management to have access rights only to view data with no power to change it. There are very good Internal Control and Audit reasons for adopting this approach.


Accidental Damage
In relation to Information Security, accidental damage refers to damage or loss that is caused as a result of a genuine error or misfortune. However, despite the genuine nature of the accident, such incidents can, and should, be prevented by awareness, alertness and action. For example, whilst we can all sympathize with the person who has lost their 50 page document through a system crash, there is little excuse for not having made a suitable backup copy from which to recover the situation.


ADSL
ADSL (Asymmetric Digital Subscriber Line) is a relatively new technology for transmitting digital information at high speeds, using existing phone lines (POTS) to homes and business users alike. Unlike the standard dialup phone service, ADSL provides a permanent connection, at no additional cost.  ADSL was specifically designed to exploit the one-way nature of most multimedia communication in which large amounts of information flow toward the user and only a small amount of interactive control information is returned. Several experiments with ADSL to real users began in 1996. In 1998, wide-scale installations began in several parts of the U.S. In 2000 and beyond, ADSL and other forms of DSL are expected to become generally available in urban areas. With ADSL (and other forms of DSL), telephone companies are competing with cable companies and their cable modem services.


Ad Hoc Connectivity
Plugging a non-City owned computing device directly into the network or another City owned workstation while on City premises for the purpose of accessing City applications, the Internet, and/or other City data sources.



Ad Hoc Device
A City or non-City owned computing device that has not been connected to the City network for a designated period of time. Because it has not been connected, it is considered "untrusted", and assumed to be out of compliance with current operating system and anti-virus patching levels.


Ad Hoc User
Employees, contractors, business partners, etc. who are not normally authorized users, but have a need, on a temporary basis, to connect to the City network to conduct City business.


Analog, Analogue
A description of a continuously variable signal or a circuit or device designed to handle such signals. The opposite is 'discrete' or 'digital'. Typical examples are the joysticks or steering wheels associated with flight and driving simulations or air/space combat games.


ANSI
American National Standards Institute, which is the main Organization responsible for furthering technology standards within the USA. ANSI is also a key player with the International Standards Organization - ISO.


Anti-Virus Program
Software designed to detect, and potentially eliminate, viruses before they have had a chance to wreak havoc within the system, as well as repairing or quarantining files which have already been infected by virus activity.


Archive
An area of data storage set aside for non-current (old, or historical) records in which the information can be retained under a restricted access regime until no longer required by law or Organization record retention policies. This is a field in which computers have a distinct advantage over older paper files, in that computer files can be 'compressed' when archived to take up far less space on the storage media. Paper records can only be compressed by using microfilm, microfiche, or, more recently, by scanning into a computer system. Whichever system is chosen, care must be exercised to ensure that the records retained meet legal requirements should it ever be necessary to produce these records in a court of law.


Audit Log
Computer files containing details of amendments to records, which may be used in the event of system recovery being required. The majority of commercial systems feature the creation of an audit log. Enabling this feature incurs some system overhead, but it does permit subsequent review of all system activity, and provides details of which User ID performed which action, to which files, when, etc. Failing to produce an audit log means that the activities on the system are 'lost'.


Audit Trail
A record, or series of records, which allows the processing carried out by a computer or clerical system to be accurately identified, as well as verifying the authenticity of such amendments, including details of the users who created and authorized the amendment(s).


Auditor
Person employed to verify, independently, the quality and integrity of the work that has been undertaken within a particular area, with reference to accepted procedures.


Authentication
A systematic method for establishing proof of identity.


Authorization
The process of giving someone permission to do or have something; a system administrator defines for the system which users are allowed access and what privileges they are assigned.


Availability
The assurance that a computer system is accessible by authorized users whenever it is needed or pre-defined.