This glossary contains industry standard and City specific IT terminology. The glossary
should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.
Cable Modem
Cable companies, such as Comcast, provide Internet access over cable TV coaxial cable. A cable modem accepts this coaxial cable and can receive data from the Internet at over 1.5 Mbps. Cable access to the Internet is currently available in only certain communities.
Capacity Planning
Capacity Planning is the determination of the overall size, performance and
resilience of a computer or system. The detailed components of a Capacity
Planning initiative will vary, depending upon the proposed usage of the system,
but the following should always be considered:
- the expected storage capacity of the system and the amount of data
retrieved, created and stored within a given cycle.
- the number of on-line processes and the estimated likely contention.
- the performance and response required from both the system and
the network, i.e. the end-to-end performance.
- the level of resilience required and the planned cycle of usage -
peaks, troughs and average.
- the impact of security measures e.g. encryption and decryption of all
- the need for 24x7 operations and the acceptability of downing the
system for maintenance and other remedial work.
When capacity planning, the more information available about usage patterns
and overall system loading, the better. Recently, with the exponential
increase in Internet Web site usage, the results from any Capacity Planning have
been, at best, of limited use and, at worst, useless, because it has been
almost impossible to predict the possible volume of traffic (and hence load),
with the result that many sites have simply gone down under excessive load.
Therefore, Capacity Planning needs to consider the real possibility of excess
load scenarios and plan accordingly.
CCTV
Closed Circuit Television, used as a security device and also a deterrent
around office buildings, stores, campus sites, etc. CCTV cameras will usually
have their output recorded onto video tape to enable any suspicious activity to
be subsequently reviewed.
CD / CDROM
Since their introduction in the early 1980s, CDs - Compact Disks - have
gradually replaced the older vinyl disks as a means of music storage. However,
whilst the term 'CD' was adopted for CDs which store music, the term CD-ROM
(CD Read Only Memory) was adopted by the computer world, despite using the same
optical disks. Ironically, the term CDROM still persists despite the fact that
CD read / writers have been available for
CERT
CERT - the Computer Emergency Response Team - is recognized as the Internet's
official emergency team. It was established in the USA by the Defense Advanced
Research Projects Agency (DARPA) in 1988, after the Morris Worm incident
crippled approximately 10% of all computers connected to the Internet.
CERT is located at the Software Engineering Institute - a US government funded
research and development centre operated by Carnegie Mellon University - and
focuses on security breaches and denial-of-service incidents, and provides
alerts and incident-handling and avoidance guidelines.
CERT is also the publisher of Information Security alerts, training and
A trusted third party clearing house that issues Digital Certificates and
Digital Signatures. Such certificates include your organization's name, a
serial number, an expiry date and, to allow for the encryption and decryption
of data, the public key of your organization. Finally, they carry the digital
signature of the certificate-issuing authority, so that a recipient can verify
that the certificate is valid.
Change Management
The process of scheduling changes (not the implementation of changes) that categorizes each change
based on risk and scope. Change Management is a process that manages changes to any part of
an organization's enterprise IT systems while supporting the actual change through an acceptance
(customer notification) and approval process.
Chat Room
A feature of the Internet allowing users to 'talk', in real time, through a
keyboard to one or more persons in a 'virtual environment'. Recent reports of
viruses being transmitted through messages in Chat Rooms have raised the
security profile of such activities, and organizations are advised to review
the ability of staff to access such
Checksum
A checksum is a technique whereby the individual binary values of a string of storage locations on your computer are totalled, and the total retained for future reference. On subsequent accesses, the summing procedure is repeated, and the total compared to that derived previously. A difference indicates that an element of the data has changed during the intervening period. Agreement provides a high degree of assurance (but not total assurance) that the data has not changed during the intervening period.
A checksum is also used to verify that a network transmission has been successful. If the counts agree, it is safe to assume that the transmission was completed correctly.
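The additive checksum described above, as an added example that is not part of the glossary. It shows a single changed byte being detected, then a compensating change (two bytes swapped) that the total cannot see, which is the "high but not total assurance" caveat; the sample record and all function names are constructed for this illustration.

```python
import hashlib

# Additive checksum: total the byte values, kept to a fixed 16-bit width.
def additive_checksum(data: bytes, modulus: int = 2 ** 16) -> int:
    return sum(data) % modulus

# Recompute the total and compare it with the value retained earlier.
def verify(data: bytes, stored: int) -> bool:
    return additive_checksum(data) == stored

# Constructed sample "storage locations": a short configuration record.
ORIGINAL = b"admin_enabled=0;port=8080;"
STORED_SUM = additive_checksum(ORIGINAL)

def detects_single_change() -> bool:
    """One altered byte changes the total, so the tampering is detected."""
    tampered = ORIGINAL.replace(b"admin_enabled=0", b"admin_enabled=1")
    return tampered != ORIGINAL and not verify(tampered, STORED_SUM)

def misses_compensating_change() -> bool:
    """Swapping '8080' for '0880' keeps the byte total identical, so the
    checksum still agrees although the data is different."""
    swapped = ORIGINAL.replace(b"port=8080", b"port=0880")
    return swapped != ORIGINAL and verify(swapped, STORED_SUM)

def hash_catches_compensating_change() -> bool:
    """A cryptographic hash (SHA-256) distinguishes the two records,
    which is why integrity checks use hashes rather than plain sums."""
    swapped = ORIGINAL.replace(b"port=8080", b"port=0880")
    return hashlib.sha256(swapped).digest() != hashlib.sha256(ORIGINAL).digest()

if __name__ == "__main__":
    print("stored checksum:", STORED_SUM)
    print("single change detected:", detects_single_change())
    print("compensating change missed by sum:", misses_compensating_change())
    print("compensating change caught by hash:", hash_catches_compensating_change())
```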
Cipher
A cipher is the generic term used to describe a means of encrypting data. In addition, the term cipher can refer to the encrypted text itself. Encryption ciphers will use an algorithm, which is the complex mathematical calculation required to 'scramble' the text, and a 'key'. Knowledge of the key will allow the encrypted message to be decrypted.
CISC / RISC
Complex Instruction Set Computer, refers to
the instruction set (or pre-programmed commands) within microprocessors. Those
from Intel's Pentium processors are referred to as CISC because they have a full
and comprehensive instruction set; whereas those from IBM, powering their RS6000
mini-computers, are RISC - Reduced Instruction Set.
Client
A computer system or process that requests a service from another computer system or process, a 'server'. A client is part of a client-server software architecture.
For example, a workstation requesting the contents of a file from a file server is a client of the file server.
'Thin Client': A simple client program or hardware device which relies on most of the function of the system being in the server. By the mid-1990s, the model of decentralized computing where each user has his own full-featured and independent microcomputer seemed to have displaced a centralized model in which multiple users use thin clients (e.g. dumb terminals) to work on a shared minicomputer or mainframe server. Networked PCs typically operate as 'fat clients', often providing everything except some file storage and printing locally.
By 1996, the reintroduction of thin clients was being proposed, especially for LAN-type environments. The main expected benefit of this is ease of maintenance: with fat clients, especially those suffering from the poor networking support of some operating systems, installing a new application for everyone is likely to mean having to go physically to every user's workstation to install the application, or having to modify client-side configuration options; whereas with thin clients the maintenance tasks are centralized on the server and so need only be done once.
A common form of distributed system in which software is split between server tasks and client tasks. A client sends requests to a server, according to some protocol, asking for information or action, and the server responds.
This is analogous to a customer (client) who sends an order (request) on an order form to a supplier (server) who dispatches the goods and an invoice (response). The order form and invoice are part of the "protocol" used to communicate in this case.
Command Line
The command line refers to the blinking cursor which, prior to the use of Microsoft Windows®, was at the heart of all operating systems. In the world of mini computers and UNIX®, the command line is often called the '$' prompt and signifies that the operating system is able to accept another command; e.g. to 'mount' a new disk-pack or to format a disk.
People familiar with the Microsoft DOS environment will always recall the 'C' prompt, being the command line familiar to all PC users as C:\ (with optional parameters to include the current path).
Common Criteria for Information Security Evaluation
A comprehensive specification (aligned with ISO IS 15408) that first defines the targeted environment and then specifies the security requirements necessary to counter threats inherent in the environment.
Code Division Multiple Access (CDMA)
A method for transmitting simultaneous signals over a shared portion of the spectrum. The foremost application of CDMA is the digital cellular phone technology from QUALCOMM that operates in the 800MHz band and 1.9GHz PCS band. CDMA phones are noted for their excellent call quality and long battery life.
Provides an empty, environmentally conditioned computer room
with office space and other required items for computer equipment and people to be moved in. The
customer provides and installs the equipment needed to resume operations. This equipment is
often provided by another contract from a leasing company.
A system of communications equipment and
communication links (by line, radio, satellite, etc.,), which enables computers
to be separated geographically, while still 'connected' to each other.
Precursor of Computer Crime; the first reported instance occurred in 1958!
One or more computers, with associated
peripheral hardware, with one or more operating systems, running one or more
application programs, designed to provide a service to users.
Computer Virus
Computer Viruses are pieces of programming code which have been purposely written to inflict an unexpected result upon an innocent victim. There are now approximately 50,000 viruses and their variants for which known cures or 'vaccines' are available.
Viruses are transmitted within other (seemingly) legitimate files or programs, the opening or execution of which causes the virus to run and to replicate itself within your computer system, as well as performing some sort of action. Such actions can be as harmless as causing characters to 'fall off' the screen (early DOS-based viruses in the 1980s), to the most malicious viruses which destroy data files and replicate themselves to everyone in your e-mail directory.
It is essential to guard against virus attacks by a combination of cautious, guarded awareness, together with a modern anti-virus package and regular updates - every two weeks is recommended.
A device such as a desktop, laptop, handheld, or notebook computer. A server can be a computing device also.
An attribute of information. Confidential information is sensitive or secret
information, or information whose unauthorized disclosure could be harmful or
Console
The console is the screen and keyboard which allows access to and control of the server / mainframe in a networked environment. The console will usually be within a secure area, with access only granted to systems administrators and with all actions being logged.
Users of the console will usually have highly privileged access such as Systems Operations, Super User or root.
Contention
Contention manifests itself in a slowing or reduction in response from a system. The cause of the problem is increased loading on a system or network, such that requests for information and / or processing are queued within the internal buffers of the system. Where contention becomes extreme, the buffers can overload and the system can fail/crash.
To reduce contention, and hence reduce the risk of system overload, an analysis of the load will need to be performed. A recent example of contention leading to overload was in mid-2000 in the UK, where a leading Bank launched its e-Banking service. Within hours of the opening, the service was down due to massive contention and overload; concurrent demand had exceeded capacity by an unexpected order of magnitude. See Capacity Planning.
Contingency Plans
Contingency plans document how the response to various external events that
impact business processes and operations will be conducted. Plans should be
tested on a regular basis to ensure they stay current and represent best
practices for a particular system or business process.
Procedures, which can reduce, or eliminate, the risk of a threat becoming an incident.
A small identifier file placed on a user's
computer by a Web site, which logs information about the user and their
previous/current visits for the use of the site next time the user makes
contact. The Web site owners claim that this is beneficial to the user, allowing
faster access, and 'personalization' of the site for that user.
Techniques used by software developers to (try to) prevent illegal use of their products. The unlicensed use of software (i.e. software piracy) is a major problem. It is not difficult for an organization to purchase, say, one licensed copy of a program and then install it on, say, 6 separate machines. Or install the program on a server and allow numerous users access through a network. This is illegal, rendering the organization liable to prosecution - even if the installation was carried out without management's knowledge.
Copy Protection comes in a number of forms:
Copyright
The function of copyright is to protect the skill and labor expended by the
author of a piece of work. As such, copyrighted material may not be printed,
copied or distributed without permission from the owner of the copyright. In
general, you cannot copyright facts, but the consequential analysis,
presentation and approach can certainly be copyrighted. Especially when
information is downloaded from the Internet, it is dangerous to assume that it
is in the 'public domain' unless it is explicit on the point.
Corrupt Data
Data that has been received, stored, or changed, so that it cannot be read or
used by the program which originally created the data. The most common causes
of corrupt data are disk failures (usually where the magnetic coating of the
disk is breaking down, and the computer cannot read the disk properly) and
power failures, where the computer loses power and shuts down unexpectedly with
random writes to the hard drive, and loss of memory
To deliver desired results in beneficial financial terms.
Cracker
A cracker is either a piece of software (program) whose purpose is to 'crack' the code to, say, a password; or 'cracker' refers to a person who attempts to gain unauthorized access to a computer system. Such persons are usually ill intentioned and perform malicious acts of techno-crime and vandalism.
Code breaking software. A piece of software designed to decipher a code, but used most often to 'crack' a password. Crackers operate quite simply by testing large numbers of possible passwords much faster than a human being could hope to perform. Passwords can be extraordinarily complex, but, given sufficient time and sufficient computer power, ANY password can be broken - even one of 64 case-sensitive characters. Companies are well advised to ensure that, to prevent system penetration by a Cracker, there is a limit on the number of password tries permitted before the system locks and notifies the Security Officer and/or Network Administrator. Three attempts is fairly standard; other systems may be less strict, while some high security installations will permit only one attempt before locking and generating security alert messages.
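The attempt limit described above, as an added example that is not part of the glossary: a login gate that counts failures per account, locks the account at a configurable limit (three by default, one for the high-security case) and records the alert that would go to the Security Officer. The credential store, account names and all identifiers are constructed for this illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed credential store: salted SHA-256 digests, never plain passwords.
def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, hashlib.sha256(salt + password.encode()).digest()

CREDENTIALS = {"alice": make_record("correct horse battery staple")}

@dataclass
class AccountState:
    failures: int = 0
    locked: bool = False

class LoginGate:
    """Verify a password and enforce a lockout after max_attempts failures."""

    def __init__(self, max_attempts: int = 3):
        self.max_attempts = max_attempts
        self.state: dict[str, AccountState] = {}
        self.alerts: list[str] = []  # messages destined for the Security Officer

    def _password_matches(self, user: str, password: str) -> bool:
        salt, digest = CREDENTIALS[user]
        candidate = hashlib.sha256(salt + password.encode()).digest()
        return hmac.compare_digest(candidate, digest)  # constant-time compare

    def attempt(self, user: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'. A locked account stays locked
        even when the correct password is later supplied."""
        st = self.state.setdefault(user, AccountState())
        if st.locked:
            return "locked"
        if user in CREDENTIALS and self._password_matches(user, password):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= self.max_attempts:
            st.locked = True
            self.alerts.append(
                f"ALERT: account '{user}' locked after {st.failures} failed attempt(s)")
            return "locked"
        return "denied"

def run_guesses(max_attempts: int, guesses: list[str]) -> tuple[list[str], int]:
    """Feed a list of password guesses to a fresh gate; return the outcomes
    and the number of alerts raised."""
    gate = LoginGate(max_attempts)
    outcomes = [gate.attempt("alice", g) for g in guesses]
    return outcomes, len(gate.alerts)

if __name__ == "__main__":
    print(run_guesses(3, ["password", "123456", "letmein", "correct horse battery staple"]))
    print(run_guesses(1, ["password", "correct horse battery staple"]))
```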
Illegal entry into a computer system. These individuals often have malicious intent and can have multiple tools for breaking into a system. The term was adopted circa 1985 by hackers in defense against journalistic misuse of 'hacker'. Contrary to widespread myth, cracking does not usually involve some mysterious leap of intuition or brilliance, but rather the persistent repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems. Accordingly, most crackers are only mediocre hackers. Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the huge, open hacker poly-culture; though crackers often like to describe themselves as hackers, most true hackers consider crackers a separate and lower form of life, little better than virus writers.
Crash
System Failure, often accompanied by loss of
data. The term stems largely from the days of the first Hard Disks which were
prone to physical damage. The gaps between the surface of the disk and the drive
heads which read and write the data are so small (considerably less than the
thickness of a human hair) that, if disturbed while in use, the heads would,
literally, crash into the surface of the disk thereby ruining the surface and
destroying program files and/or data. The heads had to be 'parked' in a safe
position before the disk pack or computer was moved. Manufacturing standards
have improved dramatically since then, and true crashes are now quite rare, but
the term remains as a general description of a system suddenly stopping for no
immediately obvious reason.
Crawler
Also known as a Web Crawler, but sometimes
described as an Agent, or a Bot. In essence a Crawler is a highly specialized
search engine, designed to 'crawl' around the World Wide Web looking for
particular pieces of information, addresses, references, etc., while the user is
off-line, i.e. not connected to the Internet, and therefore not running up
connection charges. The Crawler will search the Internet 24 hours a day, until
the next time its user logs on, when the results/information obtained so far
will be transmitted to the user, and the Crawler will continue.
More commonly associated with software rather
than hardware. The term indicates that the application is not capable of
performing all functions normally expected of such a program, for example saving
or printing files created by the user. Usually used in connection with
shareware, or promotional software where some functions are deliberately
crippled as an incentive for a user to pay for the fully-functional version.
Shareware, or promotional software, which has
been crippled, i.e. some functions, such as printing or saving files, have been
disabled by the developer. Whilst logical from the developer's perspective, its
popularity has fallen, as it fails to allow the user to use the system properly
and hence can avert sales, rather than promote them. Far better is the technique
whereby the software is fully functional for, say, 30 days, and then refuses
access until a license string is entered. Even the removal of the software and a
re-install will not result in a further 30 days. Why? - because the developers
are smarter than that! Upon installation, a tiny hidden file is created in a
secret location. This file and its contents are read upon start up, and thus the
user is forced to make a purchase decision.
CRT
CRT stands for Cathode Ray Tube, and is the traditional means of displaying
pictures on a monitor or television. Indeed, the old green monitors used with
the first PCs were called CRTs. Today, workstation monitors still use an
electron beam as the core technology, but newer 'flat screen' technologies are
set to revolutionize screen technology.
Cryptography
The subject of cryptography is primarily
concerned with maintaining the privacy of communications, and modern methods use
a number of techniques to achieve this. Encryption is the transformation of data
into another usually unrecognizable form. The only means to read the data is to
de-crypt the data using a (secret) key, in the form of a secret character
string, itself encapsulated within a pre-formatted (computer) file.
Cutover
Sometimes known as 'going live'. Cutover is
the point at which a new program or system, takes over - perhaps from a previous
version, and the old program is no longer used. On major developments, this
point is reached when the new software has been written, tested, and run
satisfactorily, in parallel with the old, for an agreed period.
Cyber Crime
Cyber crime is any criminal activity which uses network access to commit a criminal act. With the exponential growth of Internet connection, the opportunities for the exploitation of any weaknesses in Information Security are multiplying.
Cyber crime may be internal or external, with the former easier to perpetrate.
The term has evolved over the past few years since the adoption of Internet connection on a global scale with hundreds of millions of users. Cybercrime refers to the act of performing a criminal act using cyberspace (the Internet network) as the communications vehicle. Some would argue that a Cybercrime is not a crime, as it is a crime against software and not against a person's person or property. However, whilst the legal systems around the world scramble to introduce laws to combat Cybercriminals, two types of attack are prevalent:
Techno-crime. A pre-meditated act against a system or systems, with the express intent to copy, steal, prevent access, corrupt or otherwise deface or damage parts or all of a computer system. The 24x7 connection to the Internet makes this type of Cybercrime a real possibility to engineer from anywhere in the world, leaving few, if any, 'fingerprints'.
Techno-vandalism. These acts of 'brainless' defacement of Websites, and/or other activities such as copying files and publicizing their contents publicly, are usually opportunistic in nature. Tight internal security, allied to strong technical safeguards should prevent the vast majority of such incidents.
Alternative name for Infowar.