
Information Security

Glossary A


This glossary contains industry standard and City specific IT terminology. The glossary should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.

Macro
Macro-Virus
Mainframe
Malicious Code
Masquerading
Media
Methodology
Migration
Mirroring
Mission Critical


Macro
A series of commands grouped together as a single command to automate repetitive and/or complex tasks. Technical purists argue as to whether or not writing macros is actually programming, but from the perspective of most end users, it amounts to pretty much the same thing. Macro recording facilities are now built in to most standard business/office software packages, covering word processing, spreadsheets, databases, graphics and presentations, etc. Malicious macros are not unknown; they can be transmitted to other users through the document in which the macro is embedded. Whether or not creating a macro is regarded by an organization as 'programming', it is advisable that all macros created or used within an organization are checked for their function and compliance with security regulations.


Macro-Virus
A virus containing a malevolent macro. Depending upon the way the virus is delivered it may sometimes be known as a Trojan, or a Worm. The widespread network problems caused around the globe in May 2000 were the result of such a virus.


Mainframe
Used originally as a term for almost any computer system, then to describe a large system, the term 'mainframe' is used less frequently as the numbers in use decline. This is due largely to the massive increase in processor power of smaller computers. A year 2000 home user desktop computer has more storage capacity and raw processing power than a 1966 vintage mainframe, and an entire organization can now be run with just one desktop server connected to a number of PCs. Mainframes (and Supercomputers) are still being built, installed and run, but their use tends to be restricted to the scientific/academic/government communities rather than the commercial world.


Malicious Code
Malicious code includes all and any programs (including macros and scripts) which are deliberately coded in order to cause an unexpected (and usually, unwanted) event on a user's PC. However, whereas anti-virus definitions ('vaccines') are released weekly or monthly, they operate retrospectively. In other words, someone's PC has to become infected with the virus before the anti-virus definition can be developed. In May 2000, when the 'Love Bug' was discovered, although the anti-virus vendors worked around the clock, the virus had already infected tens of thousands of organizations around the world before the vaccine became available.

However, this may not be fast enough to prevent your PC from becoming infected with a virus that was delivered to your PC whilst you were innocently browsing a new Web site.

In June 2000 it was further revealed that a new type of attack was possible, called the 'No-Click' Stealth Bomb Attack. Such attacks use HTML, the code used for Web sites, and the payload is executed from within this code. The threat is that HTML is not only found on Web sites but can also be used to format and present the text of an e-mail. This means that simply opening an e-mail encoded in HTML could deliver its payload with no user intervention at all.

The solution is to run both a top-rate anti-virus program and a malicious code detection system which is able to constantly monitor the behavior of downloaded "content" (e.g. a "harmless" page from a Web site), including executable files (.exe), scripts, ActiveX and Java. Such solutions can either run on individual PCs and workstations or from a central server.

See Compressors and Packers.


Masquerading
Identifying yourself as someone else, i.e. purporting to be another (probably genuine) user; for example, sending an e-mail to a client under someone else's name. E-mail systems usually do not allow the sender's 'From' field to be altered, but those that do thereby permit messages to be sent under a completely false name.


Media
The physical material which stores computer information. Comes in two basic types, Fixed and Removable, and a variety of flavors:

  • Hard Disk, Floppy Disk, Compact Disc, Laser Disk, Magneto-Optical Disk, Zip Disk, Super Floppy, Magnetic Tape Reel, Magnetic Tape Cartridge, Digital Audio Tape, Paper Tape, and so on and so forth.
  • Each of these has its 'for' and 'against' lobby groups, and there are no 'best' media, only the 'most appropriate' for a given organization in given circumstances.
  • Irrespective of which media are used, they will contain important data, and therefore must be used and stored under properly controlled conditions.

Methodology
A term that is often misused / misapplied. In systems development, the tasks required to achieve the end result can be complex and usually require adoption of a disciplined and formal approach. Having perfected such an approach, consulting companies and software developers will refer to their methodology. Methodology suggests an almost scientific and objective approach, which, of course, is rarely the case.


Migration
Changing from one computer system to a different one, entailing changes in software and the transfer of data from the old system to the new, possibly necessitating conversion of data from the old format into another for use on the new system. For example: switching from an NCR-based system to an IBM constitutes a migration, while simply moving to a larger, newer, NCR system would be an 'upgrade'. Migrations are complex, and any organization contemplating or conducting one would be well advised to appoint a dedicated Project Manager and team, to ensure its smooth implementation.


Mirroring
Writing duplicate data to more than one device (usually two hard disks), in order to protect against loss of data in the event of device failure. This technique may be implemented in either hardware (sharing a disk controller and cables) or in software. It is a common feature of RAID systems. When this technique is used with magnetic tape storage systems, it is usually called 'twinning'.

A less expensive alternative, which only limits the amount of data loss (rather than eliminating the risk entirely), is to make regular backups from a single disk to magnetic tape.

An archive or web site which keeps a copy of some or all of the files at another site so as to make them available more quickly to local users and to reduce the load on the source site. Such mirroring is usually done for particular directories or files on a specific remote server, as opposed to a cache or proxy server which keeps copies of everything that has been requested through it.


Mission Critical
Derived from military usage, the term is used to describe activities, processing, etc., which are deemed vital to the organization's business success and, possibly, its very existence. Some major applications are described as being Mission Critical in the sense that, if the application fails, crashes, or is otherwise unavailable to the organization, it will have a significant negative impact upon the business. Although the definition will vary from organization to organization, such applications include accounts/billing, customer balances, computer controlled machinery and production lines, JIT ordering, delivery scheduling, etc.