We make technology work for the City Erin Devoto, Director

Information Security

Glossary A


This glossary contains industry standard and City specific IT terminology. The glossary should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.

Identity Hacking
Impact Analysis
Incident Response
Incursion
Information Asset
Information Security Policy
Information Systems
Information User
Information Warfare/Infowar
Integrity
International Organization for Standardization - ISO
Internet
Internet Service Provider - ISP
Intervention
Intranet
Intrusion Detection
IP Address
ISDN


Identity Hacking
Posting on the Internet or Bulletin Board(s) anonymously, pseudonymously, or giving a completely false name/address/telephone with intent to deceive. This is a controversial activity, generating much discussion amongst those who maintain the net sites. There are two cases in which problems can be caused for organizations:

  1. a member of staff engages in such practices and is 'found out' by net users, thereby associating the organization name with the activity.
  2. a posting by an unrelated third party, pretending to be the organization, or a representative.

In either case, if such posts are abusive, or otherwise intended to stir up an argument, the likely result is a Flame Attack, or Mail Bombing.


Impact Analysis
As part of an Information Security Risk Assessment, you should identify the threats to your Business Assets and the impact such threats could have, if the threat resulted in a genuine incident. Such analysis should quantify the value of the Business Assets being protected to decide on the appropriate level of safeguards.


Incident Response
The ability to respond appropriately and completely to any incidents, situational compromises, or threats from any source at any time.


Incursion
A penetration of the system by an unauthorized source. An Incursion is similar to an Intrusion; the primary difference is that Incursions are classed as 'Hostile'.


Information Asset
An Information Asset is a definable piece of information, stored in any manner, which is recognized as 'valuable' to the organization. The information which comprises an Information Asset may be little more than a prospect name and address file; or it may be the plans for the release of the latest in a range of products to compete with competitors.

Irrespective of the nature of the information assets themselves, they all have one or more of the following characteristics:

  1. They are recognized to be of value to the organization.
  2. They are not easily replaceable without cost, skill, time, resources or a combination.
  3. They form a part of the organization's corporate identity, without which, the organization may be threatened.
  4. Their Data Classification would normally be Proprietary, Highly Confidential or even Top Secret.

It is the purpose of Information Security to identify the threats against, the risks and the associated potential damage to, and the safeguarding of Information Assets.


Information Security Policy
Information Security Policy is an organizational document usually ratified by senior management and distributed throughout an organization to anyone with access rights to the organization's IT systems or information resources.

  • The Information Security Policy aims to reduce the risk of, and minimize the effect (or cost) of, security incidents. It establishes the ground rules under which the organization should operate its information systems. The formation of the Information Security Policy will be driven by many factors, a key one of which is risk. How much risk is the organization willing and able to take?
     
  • The individual Information Security Policies should each be observed by personnel and contractors alike. Some policies will be observed only by persons with a specific job function, e.g. the System Administrator; other Policies will be complied with by all members of staff.
     
  • Compliance with the organization's Information Security Policy should be incorporated into both the Terms and Conditions of Employment and the Job Description.


Information Systems
The computer systems and information sources used by an organization to support its day to day operations.


Information User
An Information User is the person responsible for viewing / amending / updating the content of the information assets. This can be any user of the information in the inventory created by the Information Owner.


Information Warfare / Infowar
Also Cyberwar and Netwar. Infowar is the use of information and information systems as weapons in a conflict in which the information and information systems themselves are the targets.
Infowar has been divided into three classes:

  1. Individual Privacy
  2. Industrial and Economic Espionage
  3. Global information warfare, i.e. Nation State versus Nation State.

Most organizations will not need to be concerned over classes I and III, but clearly Class II is relevant to any organization wishing to protect its confidential information.


Integrity
The condition of data or a system, which is that it remains intact, unaltered, and hence reliable.


International Organization for Standardization - ISO
The International Organization for Standardization is a group of standards bodies from approximately 130 countries whose aim is to establish, promote and manage standards to facilitate the international exchange of goods and services. The term 'ISO' is not an acronym for the IOS; it is a word derived from the Greek word 'isos', which means 'equal' and is the root of the prefix 'iso-'. For example, the word isobar links together areas of equal atmospheric pressure.


Internet
The Internet is made up of computers in more than 100 countries covering commercial, academic, and government endeavors. Originally developed for the US military, the Internet has become widely used for academic and commercial research. Users have access to unpublished data and journals on a huge variety of subjects. Today, the Internet has become commercialized into a worldwide information highway, providing access to information on every subject known to humankind.


Internet Service Provider - ISP
An Internet Service Provider, commonly referred to as an 'ISP', is a company which provides individuals and organizations with access to the Internet, plus a range of standard services such as e-mail and the hosting (running) of personal and corporate Web sites. The larger ISPs will offer a range of access methods including telephone, leased line, ISDN or the newer DSL (ADSL) circuits and will be connected to 'backbone' high speed digital circuits which form the Internet itself. ISPs usually charge a tariff for their services, although income can be derived from various sources of advertising and portal activities. Occasionally an ISP is referred to as an IAP, an Internet Access Provider.


Intervention
Human input in response to a request by the system while it is 'on hold'. Interventions can be expected or unexpected, for example, providing a higher level password for authorization, or responding to an error message indicating a fault, e.g. 'Printer Error: cannot print to LPT3, user intervention required'. A log of unexpected interventions should be maintained and reviewed at intervals to check if a pattern is developing with a particular program, user, or piece of equipment, which may require some repair, fix, or other corrective action.


Intranet
A Local Area Network within an organization, which is designed to look like, and work in the same way as, the Internet. Intranets are essentially private networks, and are not accessible to the public.


Intrusion
The IT equivalent of trespassing. An uninvited and unwelcome entry into a system by an unauthorized source. While Incursions are always seen as Hostile, Intrusions may well be innocent, having occurred in error. Strong ID and password systems can minimize intrusions.


Intrusion Detection
A security management system that gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attack from outside the organization) and misuse (attacks from within the organization).


IP Address
The IP Address, or 'Internet Protocol' address, is the numeric address that guides all Internet traffic, such as e-mail and Web traffic, to its destination. The IP address is 'under the hood' and is derived from its domain name, which is mapped to the IP Address through the Domain Name Service.


ISDN
Integrated Services Digital Network. Provides for point to point data transmission at 128K bps. ISDN users must connect to a host which is also capable of ISDN connection, using an adaptor. The reliability of ISDN is not questioned; however, it is relatively expensive and is being eclipsed by the recent growth in broadband Digital Subscriber Line (DSL) technology.