Seattle.gov Home Page
Seattle.gov This Department
Link to DoIT Home Page Link to DoIT Home Page Link to DoIT About Us Page Link to DoIT Contact Us Page
We make technology work for the City Erin Devoto, Director
Information Security Home Page
Chief Information Security Officer
Information Security Bulletins
Information Security Newsletter
Information Systems Security Policy
Spams and Scams
Creating Passwords
Securing Your Laptop
Protecting Your Home
Spyware Solutions
Wireless Network Security Solutions
Digital Consumer
Living Digital
Contact Us
Glossary of IT Terms

Information Security

Glossary A


This glossary contains industry standard and City specific IT terminology. The glossary should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.
A B C D E F G H I J K L M
N O P Q R S T U V W X Y Z

LCD
LED
Legacy / Heritage System
Live / Production
Local Area Network (LAN)
Locking
Lockout
Logging
Loggon/off
Logic Bomb
Logical Access
Logical Security


LCD
Liquid Crystal Display.


LED
Light-Emitting Diode A Diode which emits light, <gasp>. Does exactly what it says on the 'tin'.


Legacy / Heritage System
A legacy system is a hardware and software system which uses technologies which are 'old' in comparison with today's technology. Typically, legacy systems use character terminals (although many have been made to look smarter by enabling access through a Graphical User Interface), and process data through a proprietary database etc.


Live / Production
When a system is 'in production' or is said to be 'live', it means that it is being used to process active work or transactions, and it is no longer in test mode. Organizations should always differentiate between and separate systems which are being evaluated, tested, or developed from those which are 'live'.


Local Area Network (LAN)
A home or office network operated within one location. This may comprise one or more adjacent buildings, but a local network will normally be connected by fixed cables or, more recently, short range radio equipment. A LAN will not use modems or telephone lines for internal communications, although it may well include such equipment to allow selected users to connect to the external environment.


Locking
A technique used to prevent unauthorized changes to file contents, also known as 'Read Only'. Typically a document - for example a disciplinary letter to a member of staff, - will be created and then 'locked' with a password. Other authorized users will be able to view the contents and even make copies, but only the originator of the document has the password needed to gain access to change the content.


Lockout
Technique used to stop an (apparently) unauthorized attempt to gain access to the system. A typical example is the three tries limit on password entry. It may be a simple matter of a genuine user forgetting their ID and password, or making a mistake in trying to enter, but after three attempts, the system will Lockout that user and report an attempted intrusion to the Security Administrator. Information Security will have to reset the user records to allow another logon attempt.


Logging
The process of recording events at the time that they occur.


Logon/off
The processes by which users start and stop using a computer system.


Logic bomb
Also known as Slag Code and commonly associated with Disgruntled Employee Syndrome, a Logic Bomb is a piece of program code buried within another program, designed to perform some malicious act. Such devices tend to be the province of technical staff (non-technical staff rarely have the access rights and even more rarely the programming skills required) and operate in two ways:-

  • 'Triggered Event' for example, the program will review the payroll records each day to ensure that the programmer responsible is still employed. If the programmers name is suddenly removed (by virtue of having been fired) the Logic Bomb will activate another piece of code to Slag (destroy) vital files on the organization's system. Smarter programmers will build in a suitable delay between these two events (say 2-3 months) so that investigators do not immediately recognize cause and effect.
  • 'Still Here' - in these case the programmer buries coding similar to the Triggered Event type but in this instance the program will run unless it is deactivated by the programmer (effectively telling the program - "I am still here - do not run") at regular intervals, typically once each quarter. If the programmer's employment is terminated unexpectedly, the program will not be deactivated and will attack the system at the next due date. This type of Logic Bomb is much more dangerous, since it will run even if the programmer is only temporarily absent - e.g. through sickness, injury or other unforeseen circumstances - at the deactivation point, and the fact that it wasn't meant to happen just then is of little comfort to organization with a slagged system.
  • Logic Bombs demonstrate clearly the critical need for audit trails of activity on the system as well as strict segregation of duties and access rights between those staff who create systems - analysts, developers, programmers, - and the operations staff who actually run the system on a day-to-day basis.


    Logical Access
    Logical access refers to the connection of one device or system to another through the use of software. The software may run, say as the result of a user powering a PC, which then executes the login sequence, or it may be the result of internal processing between systems.


    Logical Security
    Software safeguards of the organization's systems, for instance: IDs, Passwords, Access Rights, Authority levels, etc.