Seattle.gov, Department of Information Technology (DoIT)

Information Security

Glossary C


This glossary contains industry standard and City specific IT terminology. The glossary should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.

Cable Modem
Capacity Planning
CCTV
CD / CDROM
CERT
Certification Authority
Change Management
Chat Room
Checksum
Cipher
CISC / RISC
Client
Client-Server
Command Line
Common Criteria for Information Technology Security Evaluation
Code Division Multiple Access (CDMA)
Cold Site
Communications Network
Computer Abuse
Computer System
Computer Viruses
Computing Device
Confidentiality
Console
Contention
Contingency Planning
Controls
Cookie
Copy Protection
Copyright
Corrupt Data
Cost-effective
Cracker
Crash
Crawler
Crippled
Crippleware
CRT
Cryptography
Cutover
Cybercrime
Cyberwar


Cable Modem
Cable companies, such as Comcast, provide Internet access over cable TV coaxial cable. A cable modem accepts this coaxial cable and can receive data from the Internet at over 1.5 Mbps. Cable access to the Internet is currently available in only certain communities.


Capacity Planning
Capacity Planning is the determination of the overall size, performance and resilience of a computer or system. The detailed components of a Capacity Planning initiative will vary, depending upon the proposed usage of the system, but the following should always be considered:

  • the expected storage capacity of the system and the amount of data retrieved, created and stored within a given cycle.
  • the number of on-line processes and the estimated likely contention.
  • the performance and response time required from both the system and the network, i.e. the end-to-end performance.
  • the level of resilience required and the planned cycle of usage - peaks, troughs and average.
  • the impact of security measures, e.g. encryption and decryption of all data.
  • the need for 24x7 operations and the acceptability of taking the system down for maintenance and other remedial work.

When capacity planning, the more information available about usage patterns and overall system loading, the better. With the rapid increase in Internet Web site usage, the results of Capacity Planning have often been of limited use, because it has been almost impossible to predict the volume of traffic (and hence load); many sites have simply gone down under excessive load. Capacity Planning therefore needs to consider the real possibility of excess-load scenarios and plan accordingly.


CCTV
Closed-Circuit Television, used as a security device and also a deterrent around office buildings, stores, campus sites, etc. CCTV cameras will usually have their output recorded (historically onto video tape, now usually to disk) to enable any suspicious activity to be subsequently reviewed.


CD / CDROM
Since their introduction in the early 1980s, CDs - Compact Discs - have gradually replaced the older vinyl records as a means of music storage. However, whilst the term 'CD' was adopted for discs which store music, the term CD-ROM (CD Read Only Memory) was adopted by the computer world, despite using the same optical discs. Ironically, the term CD-ROM still persists despite the fact that CD read/writers have been available for years.


CERT
CERT - the Computer Emergency Response Team, now the CERT Coordination Center (CERT/CC) - is widely regarded as the Internet's first emergency response team. It was established in the USA by the Defense Advanced Research Projects Agency (DARPA) in 1988 after the Morris worm incident crippled approximately 10% of all computers then connected to the Internet. CERT is located at the Software Engineering Institute - a US government funded research and development center operated by Carnegie Mellon University - and focuses on security breaches and denial-of-service incidents, providing alerts, incident-handling guidance and avoidance guidelines. CERT also publishes Information Security alerts and runs training and awareness campaigns.


Certification Authority
A trusted third party that issues Digital Certificates. A certificate binds an identity to a public key: it includes your organization's name, a serial number, an expiry date and, to allow others to encrypt data for you and to verify your digital signatures, your organization's public key. Finally, it carries the digital signature of the certificate-issuing authority, so that a recipient who trusts the authority can verify that the certificate is genuine and has not been altered.
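
The following is an added worked example, not City code, showing what the entry describes: a certification authority signs a body made of name, serial number, expiry date and public key, and a recipient checks expiry and the authority's signature using only the authority's public key. The RSA parameters (two fixed Mersenne primes, an unpadded hash, a "Toy CA" issuer name and a constructed subject key) are assumptions chosen to keep the arithmetic visible; they are not secure and real authorities issue X.509 certificates with far larger keys and padded signatures.

```python
"""Toy certification authority: issue a certificate, then verify it.

Added example, not City code. RSA here uses two fixed Mersenne primes and a
bare (unpadded) hash so the signature arithmetic stays visible; it is NOT
secure. Real CAs issue X.509 certificates with 2048-bit or larger keys and
padded signatures (RSASSA-PKCS1-v1_5 or PSS) or ECDSA.
"""
import copy
import hashlib
import json

# --- Toy CA key pair (assumption: fixed primes, for illustration only) ---
P = 2**31 - 1                      # Mersenne prime
Q = 2**61 - 1                      # Mersenne prime
N = P * Q                          # public modulus (~92 bits)
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
CA_PUBLIC = (E, N)
CA_PRIVATE = (D, N)


def canonical(body: dict) -> bytes:
    """Certificate body as canonical JSON so signer and verifier hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def digest(body: dict) -> int:
    """SHA-256 of the body, reduced below the modulus so it is a valid RSA message."""
    return int.from_bytes(hashlib.sha256(canonical(body)).digest(), "big") % N


def ca_issue(subject: str, subject_key: dict, serial: int, expires: str) -> dict:
    """The CA binds a name, serial number, expiry date and public key, then signs them.
    `expires` is an ISO date string (YYYY-MM-DD), so plain string comparison orders dates."""
    body = {
        "issuer": "Toy CA",
        "subject": subject,
        "serial": serial,
        "expires": expires,
        "public_key": subject_key,
    }
    d, n = CA_PRIVATE
    return {"body": body, "signature": pow(digest(body), d, n)}


def verify(cert: dict, today: str) -> tuple:
    """Recipient's check: not expired, and the CA's signature matches the body.
    Only the CA's public key is needed; anyone can run this."""
    if cert["body"]["expires"] < today:
        return (False, "expired")
    e, n = CA_PUBLIC
    if pow(cert["signature"], e, n) != digest(cert["body"]):
        return (False, "bad signature")
    return (True, "ok")


def tampered_copy(cert: dict, field: str, value) -> dict:
    """Return a copy with one body field altered and the signature left untouched."""
    bad = copy.deepcopy(cert)
    bad["body"][field] = value
    return bad


if __name__ == "__main__":
    # Constructed subject key: any integers will do for the demonstration.
    subject_key = {"e": 65537, "n": 2**89 - 1}
    cert = ca_issue("City of Seattle DoIT", subject_key, serial=1001, expires="2026-12-31")
    print(verify(cert, "2025-06-01"))                                       # (True, 'ok')
    print(verify(cert, "2027-01-01"))                                       # (False, 'expired')
    print(verify(tampered_copy(cert, "subject", "Mallory"), "2025-06-01"))  # (False, 'bad signature')
```

The tampered copy fails because the recipient recomputes the digest over the altered body and compares it with what the CA actually signed; changing any field, including swapping in an attacker's public key, breaks that match.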


Change Management
The process of scheduling and approving changes (as distinct from implementing them), which categorizes each change by risk and scope. Change Management covers changes to any part of an organization's enterprise IT systems and supports the actual change with an agreed notification (to customers) and approval process.


Chat Room
A feature of the Internet allowing users to 'talk', in real time, through a keyboard to one or more persons in a 'virtual environment'. Reports of viruses being transmitted through messages and file transfers in Chat Rooms have raised the security profile of such activities, and organizations are advised to review the ability of staff to access such facilities.


Checksum
A checksum is a technique whereby the individual binary values of a string of storage locations on your computer are totalled, and the total retained for future reference. On subsequent accesses, the summing procedure is repeated and the total compared to that derived previously. A difference indicates that an element of the data has changed during the intervening period. Agreement provides a high degree of assurance (but not total assurance) that the data has not changed: different data can produce the same sum, and a simple checksum is no protection against deliberate tampering, because whoever changes the data can recompute the checksum to match. Where tampering is the concern, a cryptographic hash, a keyed message authentication code or a digital signature is needed.

A checksum is also used to verify that a network transmission has been successful; IP, TCP and UDP headers each carry one. If the sender's and receiver's totals agree, it is reasonable to assume that the transmission was completed without accidental corruption.
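
The following is an added worked example, not City code. It implements the simple additive checksum the entry describes, the 16-bit ones'-complement checksum that IP, TCP and UDP actually carry (RFC 1071), and a SHA-256 digest, then runs all three over two constructed payment instructions that differ only by swapping two bytes. Both classic checksums accept the swap; the hash does not. The sample strings are constructed for the demonstration.

```python
"""Checksums: detecting changes, and what they miss.

Added example, not City code. Shows (1) the additive checksum the entry
describes, (2) the 16-bit ones'-complement checksum that IP, TCP and UDP
headers carry (RFC 1071), and (3) why neither gives total assurance: a
transposition of two bytes keeps both sums equal, and an attacker who can
change the data can recompute any non-keyed checksum. A cryptographic hash
catches the transposition; only a keyed MAC or a signature catches
deliberate tampering.
"""
import hashlib


def additive_checksum(data: bytes, modulus: int = 256) -> int:
    """Sum of all byte values, kept to one byte: the scheme the entry describes."""
    return sum(data) % modulus


def internet_checksum(data: bytes) -> int:
    """RFC 1071: ones'-complement sum of 16-bit big-endian words, complemented.
    Odd-length input is padded with a zero byte, as the RFC specifies."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def internet_checksum_ok(data: bytes, received: int) -> bool:
    """Receiver side: summing the data plus the received checksum must give zero."""
    padded = data + b"\x00" if len(data) % 2 else data
    return internet_checksum(padded + received.to_bytes(2, "big")) == 0


def strong_checksum(data: bytes) -> str:
    """SHA-256: any change to the bytes, including reordering, changes the digest.
    Still not tamper-proof on its own: an attacker can recompute it too."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample: two instructions that differ only by swapping two bytes.
ORIGINAL = b"pay 100 to alice"
SWAPPED = b"pay 001 to alice"

if __name__ == "__main__":
    cs = internet_checksum(ORIGINAL)
    print(additive_checksum(ORIGINAL) == additive_checksum(SWAPPED))   # True: swap undetected
    print(internet_checksum_ok(SWAPPED, cs))                            # True: swap undetected
    print(internet_checksum_ok(b"pay 100 to alicf", cs))                # False: single corrupted byte caught
    print(strong_checksum(ORIGINAL) == strong_checksum(SWAPPED))        # False: swap detected
```

The swap escapes both sums because the two bytes sit in the same position within their 16-bit words, so the word total is unchanged; a single flipped byte, the accidental error these checksums were designed for, is caught.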


Cipher
A cipher is the generic term used to describe a means of encrypting data. In addition, the term cipher (or ciphertext) can refer to the encrypted text itself. Encryption ciphers use an algorithm, the mathematical procedure that 'scrambles' the text, together with a 'key'. Knowledge of the key allows the encrypted message to be decrypted; a sound cipher remains secure even when the algorithm itself is public, so it is the key that must be protected.


CISC / RISC
Complex Instruction Set Computer and Reduced Instruction Set Computer refer to the design of the instruction set (the pre-programmed commands) within microprocessors. Intel's Pentium processors are referred to as CISC because they have a large and comprehensive instruction set, whereas the POWER processors used by IBM in its RS/6000 systems are RISC, with a smaller set of simpler instructions.


Client
A computer system or process that requests a service from another computer system or process, a 'server'. A client is part of a client-server software architecture. For example, a workstation requesting the contents of a file from a file server is a client of the file server.

'Thin Client': A simple client program or hardware device which relies on most of the function of the system being in the server. By the mid-1990s, the model of decentralized computing where each user has his own full-featured and independent microcomputer seemed to have displaced a centralized model in which multiple users use thin clients (e.g. dumb terminals) to work on a shared minicomputer or mainframe server. Networked PCs typically operate as 'fat clients', often providing everything except some file storage and printing locally.

By 1996, the reintroduction of thin clients was being proposed, especially for LAN-type environments. The main expected benefit of this is ease of maintenance: with fat clients, especially those suffering from the poor networking support of some operating systems, installing a new application for everyone is likely to mean having to go physically to every user's workstation to install the application, or having to modify client-side configuration options; whereas with thin clients the maintenance tasks are centralized on the server and so need only be done once.


Client-Server
A common form of distributed system in which software is split between server tasks and client tasks. A client sends requests to a server, according to some protocol, asking for information or action, and the server responds.

This is analogous to a customer (client) who sends an order (request) on an order form to a supplier (server) who dispatches the goods and an invoice (response). The order form and invoice are part of the "protocol" used to communicate in this case.


Command Line
The command line refers to the text prompt (with its blinking cursor) which, prior to graphical interfaces such as Microsoft Windows®, was at the heart of all operating systems. In the world of minicomputers and UNIX®, the command line is often called the '$' prompt and signifies that the operating system is able to accept another command, e.g. to 'mount' a new disk pack or to format a disk.

People familiar with the Microsoft DOS environment will recall the 'C' prompt, the command line familiar to all PC users as C:\ (often with the current path shown).


Common Criteria for Information Technology Security Evaluation
A comprehensive specification (standardized as ISO/IEC 15408) that first defines the targeted environment and then specifies the security requirements necessary to counter the threats inherent in that environment. A product is evaluated against a stated security target and awarded an Evaluation Assurance Level (EAL1 to EAL7).


Code Division Multiple Access (CDMA)
A method for transmitting simultaneous signals over a shared portion of the spectrum. The foremost application of CDMA is the digital cellular phone technology from QUALCOMM that operates in the 800MHz band and 1.9GHz PCS band. CDMA phones are noted for their excellent call quality and long battery life.


Cold Site
Provides an empty, environmentally conditioned computer room with office space and other required items for computer equipment and people to be moved in. The customer provides and installs the equipment needed to resume operations. This equipment is often provided by another contract from a leasing company.


Communications Network
A system of communications equipment and communication links (by line, radio, satellite, etc.,), which enables computers to be separated geographically, while still 'connected' to each other.


Computer Abuse
Precursor of Computer Crime; the first reported instance occurred in 1958!


Computer System
One or more computers, with associated peripheral hardware, with one or more operating systems, running one or more application programs, designed to provide a service to users.


Computer Viruses
Computer Viruses are pieces of programming code which have been purposely written to inflict an unexpected result upon an innocent victim. There are now approximately 50,000 viruses and variants for which known cures, or 'vaccines', are available.

Viruses are transmitted within other (seemingly) legitimate files or programs, the opening or execution of which causes the virus to run and to replicate itself within your computer system, as well as performing some sort of action. Such actions range from the harmless, such as causing characters to 'fall off' the screen (an early DOS-based virus of the 1980s), to the most malicious, which destroy data files and mail copies of themselves to everyone in your e-mail address book.
It is essential to guard against virus attacks by a combination of cautious, guarded awareness and a modern anti-virus package whose signatures are updated regularly - automatically and daily where the product supports it, and in any case no less often than every two weeks.


Computing Device
A device such as a desktop, laptop, handheld, or notebook computer. A server can be a computing device also.


Confidentiality
An attribute of information. Confidential information is sensitive or secret information, or information whose unauthorized disclosure could be harmful or prejudicial.


Console
The console is the screen and keyboard which allows access to and control of the server / mainframe in a networked environment. The console will usually be within a secure area, with access granted only to system administrators and all actions being logged.
Users of the console will usually have highly privileged access, such as Systems Operations, Super User or root.


Contention
Contention manifests itself as a slowing or reduction in response from a system. It results from increased loading on a system or network, such that requests for information and / or processing are queued within the internal buffers of the system. Where contention becomes extreme, the buffers can overflow and the system can fail or crash.
To reduce contention, and hence the risk of system overload, an analysis of the load will need to be performed. An example of contention leading to overload occurred in mid-2000 in the UK, when a leading bank launched its e-Banking service. Within hours of the opening, the service was down due to massive contention and overload; concurrent demand had exceeded capacity by an unexpected order of magnitude. See Capacity Planning.


Contingency Planning
Contingency plans document how the response to various external events that impact business processes and operations will be conducted. Plans should be tested on a regular basis to ensure they stay current and represent best practice for the particular system or business process.


Controls
Procedures, which can reduce, or eliminate, the risk of a threat becoming an incident.


Cookie
A small piece of data which a Web site asks the user's browser to store and to send back on later requests, identifying the user and logging information about their previous/current visits for the use of the site next time the user makes contact. Web site owners claim that this is beneficial to the user, allowing faster access and 'personalization' of the site for that user. Because a cookie may also identify a logged-in session, it should be protected like a credential.


Copy Protection
Techniques used by software developers to (try to) prevent illegal use of their products. The unlicensed use of software (i.e. software piracy) is a major problem. It is not difficult for an organization to purchase, say, one licensed copy of a program and then install it on, say, 6 separate machines. Or install the program on a server and allow numerous users access through a network. This is illegal, rendering the organization liable to prosecution - even if the installation was carried out without management's knowledge.

Copy Protection comes in a number of forms:

Copyright
The function of copyright is to protect the skill and labor expended by the author of a piece of work. As such, copyrighted material may not be printed, copied or distributed without permission from the owner of the copyright. In general, you cannot copyright facts, but the consequential analysis, presentation and approach can certainly be copyrighted. Especially when information is downloaded from the Internet, it is dangerous to assume that it is in the 'public domain' unless it is explicit on the point.


Corrupt Data
Data that has been received, stored, or changed, so that it cannot be read or used by the program which originally created the data. Most common causes of corrupt data are disk failures (usually where the magnetic coating of the disk is breaking down, and the computer cannot read the disk properly) and power failures, where the computer loses power and shuts down unexpectedly with random writes to the hard drive, and loss of memory contents.


Cost-effective
To deliver desired results in beneficial financial terms.


Cracker
A cracker is either a piece of software (program) whose purpose is to 'crack' the code to, say, a password, or a person who attempts to gain unauthorized access to a computer system. Such persons are usually ill-intentioned and perform malicious acts of techno-crime and vandalism.

  • Code-breaking software. A piece of software designed to decipher a code, but used most often to 'crack' a password. Crackers operate quite simply by testing large numbers of possible passwords far faster than a human being could. Given sufficient time and computing power, any password can in principle be found, but the time required grows exponentially with length and alphabet size: a short or guessable password falls in seconds, whereas a random 64-character, case-sensitive password is beyond any realistic computing budget. Note also that a cracker working offline against a stolen file of password hashes is not slowed by any lockout policy; lockout protects only the live login interface. Companies are well advised to ensure that, to prevent system penetration by a cracker at that interface, there is a limit on the number of password tries permitted before the system locks the account and notifies the Security Officer and/or Network Administrator. Three attempts is fairly standard; other systems may be less strict, while some high-security installations will permit only one attempt before locking and generating security alert messages.

  • Illegal entry into a computer system. These individuals often have malicious intent and can have multiple tools for breaking into a system. The term was adopted circa 1985 by hackers in defense against journalistic misuse of 'hacker'. Contrary to widespread myth, cracking does not usually involve some mysterious leap of intuition or brilliance, but rather the persistent repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems. Accordingly, most crackers are only mediocre hackers. Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the huge, open hacker poly-culture; though crackers often like to describe themselves as hackers, most true hackers consider crackers a separate and lower form of life, little better than virus writers.
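
The following is an added worked example, not City code, contrasting the two situations the Cracker entry describes: an exhaustive password search run offline against a stolen hash, where no lockout applies, and the same search run through a login interface that locks after three failures and records an alert. The alphabet, the weak sample password, the salted PBKDF2 hash with a deliberately low iteration count and the Account class are all constructed for the demonstration; production systems use a much higher iteration count or a memory-hard function.

```python
"""Password cracking versus account lockout.

Added example, not City code. Two attack surfaces the entry runs together:
an offline attack against a stolen password hash, where the cracker can make
unlimited guesses and lockout does not apply, and an online attack through
the login interface, where a three-strikes lockout stops the same search
after three guesses. Hash, salt and iteration count are constructed for the
demonstration; real systems use a far higher iteration count or a
memory-hard function such as Argon2.
"""
import hashlib
import hmac
import itertools
import os

ITERATIONS = 1_000   # deliberately low so the demo runs in well under a second


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def offline_crack(stored: bytes, salt: bytes, alphabet: str, max_len: int):
    """Exhaustive search over every string up to max_len from the alphabet.
    Returns (password, guesses) or (None, guesses). Nothing here can lock out."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if hmac.compare_digest(hash_password(candidate, salt), stored):
                return candidate, guesses
    return None, guesses


class Account:
    """Login interface with the lockout the entry recommends: after max_attempts
    consecutive failures the account locks and an alert is recorded."""

    def __init__(self, password: str, max_attempts: int = 3):
        self.salt = os.urandom(16)
        self.stored = hash_password(password, self.salt)
        self.max_attempts = max_attempts
        self.failures = 0
        self.locked = False
        self.alerts = []

    def login(self, password: str) -> bool:
        if self.locked:
            self.alerts.append("login attempt on locked account")
            return False
        if hmac.compare_digest(hash_password(password, self.salt), self.stored):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.locked = True
            self.alerts.append(
                f"account locked after {self.failures} failures; notify security officer")
        return False


def online_guess(account: Account, alphabet: str, max_len: int):
    """The same search as offline_crack, but through the login interface."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            if account.locked:
                return False, guesses
            guesses += 1
            if account.login("".join(combo)):
                return True, guesses
    return False, guesses


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time for an offline search of every password of the given length."""
    return alphabet_size ** length / guesses_per_second


if __name__ == "__main__":
    salt = os.urandom(16)
    print(offline_crack(hash_password("42", salt), salt, "0123456789", 3))  # ('42', 53)
    acct = Account("42")
    print(online_guess(acct, "0123456789", 3), acct.locked)                 # (False, 3) True
    print(seconds_to_exhaust(95, 64, 1e12) > 4.4e17)                        # True
```

The lockout also locks out the legitimate owner until an administrator intervenes, which is why the alert matters and why attackers sometimes trigger lockouts deliberately as a denial of service; the last line shows that a 64-character password over 95 printable characters would take vastly longer than the age of the universe (about 4.4e17 seconds) to exhaust at a trillion guesses per second.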

Crash
System failure, often accompanied by loss of data. The term stems largely from the days of the first hard disks, which were prone to physical damage. The gaps between the surface of the disk and the drive heads which read and write the data are so small (considerably less than the thickness of a human hair) that, if disturbed while in use, the heads would, literally, crash into the surface of the disk, thereby ruining the surface and destroying program files and/or data. The heads had to be 'parked' in a safe position before the disk pack or computer was moved. Manufacturing standards have improved dramatically since then, and true crashes are now quite rare, but the term remains as a general description of a system suddenly stopping for no immediately obvious reason.


Crawler
Also known as a Web Crawler, spider or bot, and sometimes described as an Agent. A crawler is a program that systematically fetches Web pages and follows the links it finds in them in order to gather particular pieces of information, addresses, references, etc.; search engines use crawlers to build their indexes. A crawler can also work on a user's behalf while the user is off-line, i.e. not connected to the Internet and therefore not running up connection charges: it searches 24 hours a day until the next time its user logs on, when the results obtained so far are delivered and the crawler continues.


Crippled
More commonly associated with software rather than hardware. The term indicates that the application is not capable of performing all functions normally expected of such a program, for example saving or printing files created by the user. Usually used in connection with shareware, or promotional software, where some functions are deliberately crippled as an incentive for a user to pay for the fully functional version.


Crippleware
Shareware, or promotional software, which has been crippled, i.e. some functions, such as printing or saving files, have been disabled by the developer. Whilst logical from the developer's perspective, its popularity has fallen, as it fails to allow the user to use the system properly and hence can deter sales rather than promote them. Far better is the technique whereby the software is fully functional for, say, 30 days, and then refuses access until a license string is entered. Even removing the software and re-installing it will not result in a further 30 days, because upon installation a small hidden file is created in an obscure location; this file and its contents are read at start-up, and the user is thus forced to make a purchase decision.


CRT
CRT stands for Cathode Ray Tube, and is the traditional means of displaying pictures on a monitor or television. Indeed, the old green monitors used with the first PCs were called CRTs. Some workstation monitors still use an electron beam as the core technology, but 'flat screen' technologies such as LCD have largely replaced them.


Cryptography
The subject of cryptography is primarily concerned with maintaining the privacy of communications, and also with their integrity and authenticity; modern methods use a number of techniques to achieve this. Encryption is the transformation of data into another, usually unrecognizable, form. The only means to read the data is to decrypt it using a (secret) key, typically a string of random bytes, which may itself be stored in a protected key file.
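
The following is an added worked example, not City code, illustrating both the Cipher and Cryptography entries: the algorithm is public and fixed, and only the key turns ciphertext back into plaintext. The cipher is a teaching construction built from the standard library (an HMAC-SHA256 counter-mode keystream XORed with the plaintext); the key, nonce and sample messages are constructed for the demonstration. The last function shows the classic stream-cipher failure mode, nonce reuse, which leaks the XOR of two plaintexts. Production systems use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 instead.

```python
"""Cipher = algorithm + key.

Added example, not City code, illustrating the Cipher and Cryptography
entries. A keystream is derived from the key and a nonce with HMAC-SHA256
(standard library) and XORed with the plaintext. The same algorithm with the
wrong key produces garbage, so secrecy rests on the key, not the algorithm.
nonce_reuse_leak shows the classic stream-cipher failure: reusing a nonce
under one key leaks the XOR of the two plaintexts. Teaching construction
only; production code uses AES-GCM or ChaCha20-Poly1305, which also
authenticate the ciphertext.
"""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) for successive blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Ciphertext is plaintext XOR keystream. Decryption is the same operation."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt   # XOR is its own inverse


def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """With one nonce reused under one key, c1 XOR c2 == p1 XOR p2: the key cancels out,
    so an eavesdropper learns the relationship between the two messages."""
    c1 = encrypt(key, nonce, p1)
    c2 = encrypt(key, nonce, p2)
    n = min(len(p1), len(p2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


if __name__ == "__main__":
    key = os.urandom(32)
    nonce = os.urandom(16)
    msg = b"constructed sample: move the backup tapes on Friday"   # constructed message
    ct = encrypt(key, nonce, msg)
    print(decrypt(key, nonce, ct) == msg)             # True: right key
    print(decrypt(os.urandom(32), nonce, ct) == msg)  # False: wrong key, same algorithm
    print(nonce_reuse_leak(key, nonce, msg, b"constructed sample: cancel the move"))  # True
```

Everything about the algorithm is visible in the code, yet without the key the ciphertext is unreadable; the leak function is the reason every nonce must be used once only under a given key.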


Cutover
Sometimes known as 'going live'. Cutover is the point at which a new program or system takes over, perhaps from a previous version, and the old program is no longer used. On major developments, this point is reached when the new software has been written, tested, and run satisfactorily in parallel with the old for an agreed period.


Cybercrime
Cybercrime is any criminal activity which uses network access to commit a criminal act. With the exponential growth of Internet connection, the opportunities for the exploitation of any weaknesses in Information Security are multiplying.

Cybercrime may be internal or external, with the former easier to perpetrate.
The term has evolved over the past few years since the adoption of Internet connection on a global scale, with hundreds of millions of users. Cybercrime refers to the act of performing a criminal act using cyberspace (the Internet) as the communications vehicle. Some would argue that a Cybercrime is not a crime, as it is a crime against software and not against a person or property. However, whilst the legal systems around the world scramble to introduce laws to combat cybercriminals, two types of attack are prevalent:

  • Techno-crime. A premeditated act against a system or systems, with the express intent to copy, steal, prevent access to, corrupt or otherwise deface or damage parts or all of a computer system. The 24x7 connection to the Internet makes this type of Cybercrime a real possibility to engineer from anywhere in the world, leaving few, if any, 'fingerprints'.

  • Techno-vandalism. These acts of 'brainless' defacement of Web sites, and/or other activities such as copying files and publicizing their contents, are usually opportunistic in nature. Tight internal security, allied to strong technical safeguards, should prevent the vast majority of such incidents.

Cyberwar
Alternative name for Infowar.