Skip Navigation
Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10
Table of Contents Glossary of Terms
         Glossary

(Note: All terms are defined based on their use in this document.)

A

Acceptable use policy- A policy designed to limit the ways in which a computer or network can be used. Acceptable Use Policies (AUPs) usually include explicit statements about the required procedures, rights, and responsibilities of a technology user. Users are expected to acknowledge and agree to all AUP stipulations as a condition of system use, as should be certified on the AUP by the user's signature.

Access- To make use of a technology resource (e.g., a computer or network). Also, to make use of the information or data that reside on a computer or network. See also Remote access.

Address spoofing- See Spoofing.

Administrative software- Computer programs that are used to expedite the storage and use of data and information. Examples of administrative software include student records systems, personnel records systems, and transportation mapping packages. See also Computer program, Software, Instructional software, and Application software.

Antivirus software- Computer programs designed to detect the presence or occurrence of a computer virus. The software subsequently signals an alert of such a detection via any of a variety of mechanisms and, in many commercial products, can then be used to delete the virus. See also Computer program, Software, Virus, and Virus scanner.

Application software- Computer programs that are used to accomplish specific tasks not related to the functioning of the computer itself. In broad categories, both administrative software and instructional software are types of application software. More specific examples include word processing, spreadsheet, and database software. See also Computer program, Software, Administrative software, Instructional software, and Operating system software.

Appropriate use policy- See Acceptable use policy.

Asset- Real property, including information, software, and hardware (i.e., those things an organization needs to protect). Information and technology security requires that all assets be identified through the process of risk assessment in order to appropriately design security strategies. See also Information, Software, Hardware, and Risk assessment.

Attack- An attempt to violate information and technology security. See also Asset, Countermeasure, Risk, Threat, Vulnerability, and Risk Assessment.

Audit- See Security audit.

Audit trail- A detailed record of user transactions that chronicles all system activity (from each user's log- on to log-off and everything in between). Review and analysis of audit trail records can lead to the detection of unauthorized or otherwise unacceptable system activity. See also Log on and Security audit.

Authentication- The act of verifying a user's identity in order to prevent unauthorized use. See also User, Biometrics, Digital certificate, Digital signature, Log on, and Password.

B

Back door- A mechanism for circumventing or disabling system security as purposefully devised and included by system designers. Back doors are presumably "justified" because they offer system access to technicians and other administrators who have been made aware of the deliberate flaw. Unfortunately, searching for (and finding) back doors is a common and fairly effective attack technique used by uninvited system hackers as well. See also Access, Vulnerability, and Hacker.

Back up- (Verb) To make a copy of a file or program for the purpose of restoring the data if the masters were to be lost, damaged, or otherwise unavailable for use.

Backup- (Noun) A copy of a master file or program. To be most effective from a security standpoint, backup files are frequently stored at off-site locations. See also Master file and Off-site storage.

Biometrics- The use of biological characteristics (e.g., retinal patterns, fingerprints, and voice properties) to uniquely identify a person. These measurements can then be used to authenticate computer users. See also Authentication, User, and Voice recognition.

Bit- A binary digit. The smallest unit of computer memory, eight of which constitute a byte. The value of each bit, as limited by the "binary" code read by computers, is either 0 or 1. See also Byte, Megabyte (MB), and Memory.

Browser- See Web browser.

Bug- A programming error that prevents software from performing as designed and anticipated. See also Computer program and Software.

Byte- Eight bits. The amount of computer memory needed to store one character (i.e., a number, letter, or symbol). See also Bit, Megabyte (MB), and Memory.

C

Cables (a.k.a. cabling)- An assembly of insulated electronic conductors used to connect electrical equipment (e.g., peripheral equipment to a computer). See also Wireless.

CD- See Compact disc.

CD-ROM (Compact Disc-Read Only Memory)- An optical disk capable of storing large amounts of embedded electronic programs or files that can only be read from the disk (i.e., data can not be written to the disk after it has been produced). Unlike diskettes, CD-ROMs can be read by any type of computer with a CD-ROM disk drive. See also Compact disc and Diskette.

Central processing unit (CPU)- The main chip that controls the operation of the rest of the computer (i.e., the computer's "brain," where instructions are processed and information flow is managed). In a personal computer, a microprocessor serves as the CPU. See also Microchip and Microprocessor.

Certificate- See Digital certificate.

Certificate authority- A "trusted" third-party entity that issues digital certificates to individuals or organizations. The digital certificates are then used to create digital signatures and other security mechanisms. By issuing a digital certificate, the certificate authority guarantees that the recipient of the unique identifier is who he or she claims to be. See also Digital certificate and Digital signature.

Chip- See Microchip.

Client- The computer (user) in a client/server network that requests the files or services. The computer that supplies the services is the server. See also Thin client, Server, and Client/server network.

Client/server network- A network configuration in which all users access files stored on a central computer or several central computers. Each central computer is a server, and each user (actually each user's computer) is a client. See also Client, Thin client, Server, Peer-to-peer network, and Network.

Code- 1. (Noun) A familiar, if not precise, expression for a computer program, especially in its developmental form. 2. (Verb) A colloquial term for writing a computer program (i.e., a term for programming). See also Computer program and Computer programmer.

Cold site- An off-site location that includes all files, data, and software (but not hardware) necessary for resuming critical systems after an emergency has rendered an organization's primary site inoperable. Because some time is usually required to purchase and install the missing hardware, cold sites are plausible contingency plans only when a delay in restoring operations is acceptable. On the positive side, maintaining a cold site also delays the expense of purchasing the hardware until it is absolutely necessary (i.e., if, and only if, there is an emergency that damages or destroys the organization's primary work site). See also Off-site, Critical system, Contingency plan, and Hot site.

Compact Disc- A 4.75 inch optical disk that can store computer files and data, audio signals, video images, and other digital files. Compact discs are frequently published in a read-only format (which are then called CD-ROM for Compact Disc-Read Only Memory), but when not configured as such, can be written to as well. See also CD-ROM.

Computer- An electronic device that can be programmed with instructions for storing, retrieving, and processing data. A computer is composed of hardware and software, and can exist in a variety of sizes and configurations. See also Mainframe computer, Minicomputer, Personal computer, Computer program, Computer type, Hardware, Software, and Data.

Computer program- Electronic instructions for a computer. See also Computer, Software, Operating system software, Application software, Administrative software, Instructional software, and Code.

Computer programmer- A person who writes computer programs (i.e., a person who writes instructions for computers). See also Computer program and Code.

Computer type- The classification of a computer according to its storage and computing capacity, the number of users that it can support, the variety of input and output options it offers, and its physical size. Three major types of computers are mainframe computers, minicomputers, and personal computers (i.e., microcomputers). See also Mainframe computer, Minicomputer, Personal computer, and Computer.

Computerize- (1) To equip with computers, (2) to control by means of computers, or (3) to input and store in a computer. See also Computer.

Confidential information- Private information about an individual that is protected by organizational policy or law (such as the Family Education Rights and Privacy Act (FERPA). See also Directory information, General information, and Sensitive information.

Contingency plan- A prepared plan that details an organization's anticipated response to potential emergency situations. The purpose of a contingency plan is to minimize the amount of planning necessary once an organization and its staff find themselves in an emergency situation (e.g., a fire, earthquake, or flood); instead, they can refer to, and enact, the pre-planned list of activities already identified as necessary for protecting people, salvaging systems, and limiting damage. Well-designed contingency plans specify individual staff roles and responsibilities during an emergency. See also Recovery plan.

Conversion- The task of migrating data from an existing computer or software system (or from paper files) to a new system. Countermeasure- A step planned and taken in opposition to another act or potential act, including the introduction of security procedures to a system in order to minimize vulnerabilities and neutralize threats. See also Asset, Attack, Risk, Threat, Vulnerability, and Risk Assessment.

CPU- See Central processing unit.

Critical system- A computer, network, system or component that is absolutely essential (i.e., critical) to the operation of an information system. See also General system and System.

D

Data- Raw information that lacks the context to be meaningful (e.g., "34" is data because it has no meaning unless some context is provided; "34 degrees Fahrenheit" has meaning and therefore becomes information). The terms "data" and "information" are often used to differentiate between computer-read (i.e., data) and human-read (i.e., information) figures and text. See also Information.

Database- A large collection of data that is developed and maintained for quick searching and retrieving. See also Data and Database software.

Database software- Computer programs designed to store large amounts of data and allow for quick and efficient searching, retrieving, sorting, revising, analyzing, and ordering. There are two common types of databases, flat file databases and relational databases. See also Data, Computer program, Software, Administrative software, and Application software.

Decryption- The process of translating an encrypted file back into its original unencrypted form via the use of a matching decryption key. See also Encryption and Key.

Degauss- To demagnetize. Disks and other electronic storage media are degaussed in order to completely remove magnetically encoded data. Degaussing is necessary because simply erasing files does not, in most cases, ensure complete data removal.

Digital certificate- An attachment to an electronic transmission that allows the recipient to authenticate the identity of the sender via third party verification from an independent certificate authority. Digital certificates are used to identify encryption and decryption codes between message senders and recipients. See also Certificate authority, Digital signature, Encryption, Decryption, and Authentication.

Digital signature- A code attached to an electronic message that is used to verify that the individual sending the message is really who he or she claims to be­much in the same way that a written signature identifies the sender of a piece of written correspondence. To be effective, digital signatures must be unique and must, therefore, be protected from theft and forgery. See also Certificate authority and Digital certificate.

Directory information- Information about an individual that can legally be made public (e.g., name, street address, and telephone number). See also Confidential information, General information, and Sensitive information.

Disk- A round plastic magnetic device on which computer programs and data are saved. There are three main types of disks: hard disks (maintained inside the computer on the hard drive), diskettes (e.g., floppy disks), and compact discs (e.g., CD-ROM). See also Hard disk, Diskette, Compact disc, CD-ROM, Disk drive, and Hard drive.

Disk drive- A device that reads and stores data on a disk. The drive may be permanently installed inside the computer (i.e., a hard drive that reads a hard disk), or contain a slot for entering a diskette or compact disc from outside the computer. See also Disk, Diskette, Hard disk, Compact disc, CD-ROM, and Hard drive.

Disk label- See Label.

Diskette- A thin, flexible, plastic disk on which computer programs and data can be saved outside of a computer. The two types of diskettes are 3.5 inch disks that come in a hard plastic case and 5.25 inch disks that come in thin, pliable, cardboard-like cases and are therefore referred to as floppy disks. See also Disk and Disk drive.

Download- The act of transferring data or files between computers or systems. Downloading is sometimes distinguished from uploading by the direction of the file/data transfer. Downloading refers to transfers from a larger to smaller system or from a remote system to a local system.

Drill- See Security drill.

Drive- See Disk drive and Hard drive.

Dumb terminal- A unit composed of a monitor and a keyboard that connects to a remote computer for its processing power. See also Monitor and Keyboard.

E

E-mail- Electronic messages, typically addressed as person-to-person correspondence, that are transmitted between computers and across networks.

Electronic data interchange (EDI)- The exchange of routine education (and business) information transactions in a computer-processable format.

Encryption- The process of translating a file into an apparently unintelligible format (i.e., to encode it) via the use of mathematic algorithms or other encoding mechanisms. In general terms, the recipient of an encrypted message must possess a matching key to decrypt and read the message. See also Decryption and Key.

Ethical standards- Guidelines for appropriate behavior based on the recognized standards of a profession or group (e.g., ethical standards of the workplace forbid displays of insulting and insensitive messages).

F

File- In technology systems, a file is a block of data stored on a magnetic medium such as a floppy disk, hard disk, or tape. A file may contain a computer program, a document, or other collections of data and information.

Firewall- An electronic boundary that prevents unauthorized users and/or packets of data or information (e.g., files and programs) from accessing a protected system.

Floppy disk- See Diskette.

Freeware- Software that, while available free of charge, is still protected by a copyright and, therefore, is subject to applicable copyright laws. The person who retains the copyright for a piece of software maintains all distribution authority and can choose to charge for the product at any time. See also Computer program and Software.

Functional specifications- A document that details the desired or expected capabilities of a computer or network (i.e., the system functions and software functions). Functional specifications are best determined through methodical analysis, referred to as a needs assessment, which, when complete, results in a formal needs statement. See also System functions, Software functions, Needs assessment, and Needs Statement.

Functions- See Software functions and System functions.

G

Gateway- An electronic device that allows two different computer or networks to connect (i.e., it "translates" between networks that use different protocols). See also Interface and Protocol.

General information- Information or data that is useful, but not (1) critical to an organization's mission, or (2) of a confidential or sensitive nature. See also Confidential information, Directory information, and Sensitive information.

General system- A computer, network, system or component that, while useful, is not critical to the operation of an information and technology system. See also Critical system and System.

Goal of Security- See Security goal.

H

Hacker- An unauthorized user who attempts to access a system and its information.

Hard disk- A device, usually constructed of rigid aluminum or glass, on which computer programs and data are saved. A hard disk is most often permanently connected to the computer's hard drive, although removable hard disks are available. Data is transferred to and from the hard disk by magnetic heads. See also Disk and Hard drive.

Hard drive (a.k.a., hard disk drive)- A device used to store programs and data to (and read from) a computer's "permanent" hard disk. See also Disk and Disk drive.

Hardware- Computer equipment that can be touched, including the computer case and peripheral equipment (e.g., monitor, keyboard, mouse, and printers) that is attached to the computer. See also Peripheral equipment, Monitor, Keyboard, Mouse, Printer, and Software.

Help desk- A source from which computer, network, or software users can receive assistance. Access to a Help desk is usually offered to users via telephone, fax, or e-mail.

Homepage- The first page (i.e., the opening screen) of a website. See also World Wide Web (WWW).

Hot site- An off-site location that includes all resources (including files, data, software, and hardware) necessary for resuming critical systems after an emergency has rendered the organization's primary site inoperable. A hotsite should require little to no delay in restoring operations because all resources are maintained in a ready state. See also Off-site, Critical system, Contingency plan, and Cold site.

I

Information- Data that are meaningful (i.e., they are presented in a context that allows them to be read by a human as opposed to being read by a computer). See also Data.

Instructional software- Computer programs that allow students to learn new content, practice using content already learned, and/or be evaluated on how much content they currently know. These programs allow teachers and students to demonstrate concepts, perform simulations, and record and analyze data. Sometimes application software such as database programs and spreadsheets can also be used within the instructional context to help analyze and present data and information. See also Computer program, Software, Administrative software, and Application software.

Integrated Services Digital Network (ISDN)- An international set of telecommunication standards that allow voice, video, and data to be digitally transmitted over wire or optical fiber lines.

Interface- A shared boundary where independent systems meet. In computer systems, the term "interface" commonly refers to the mechanism through which a user communicates with a computer or network (e.g., via a monitor, keyboard, or mouse). It also refers to those connections that enable communication and exchanges of data to take place between separate systems. See also Gateway.

Internet- A global "network of networks" that is used by the general population, including educators, students, government, business, and a host of other individuals and organizations to communicate electronically. See also and World Wide Web (WWW).

Internet Service Provider (ISP)- An organization that provides access to the Internet. Commercial providers, nonprofit organizations, and schools can serve as ISPs. See also Internet.

Intranet- A localized network of computers used to communicate electronically.

ISDN- See Integrated Services Digital Network.

K

Key- A secret value (usually attached to a mathematical algorithm) that is used to generate unique encryption/decryption codes. See also Encryption and Decryption.

Keyboard- A piece of peripheral equipment (analogous to a typewriter) used to enter information and instructions into a computer. In addition to letter keys, most keyboards have number pads and function keys that make computer software easier to use. Keyboards are frequently an important tool in the user-computer interface. See also Peripheral equipment and Interface.

L

Label- Information that identifies or describes that to which it is affixed. Printed paper labels are used to identify computer disks, whereas electronic labels can be used to identify electronic files. Labels are also affixed to backup tapes, storage cabinets, and other storage media and containers to identify contents. Proper labeling is an integral part of any effective security system. LAN- See Local area network. Laptop- A portable personal computer that is small enough to fit on a person's lap (i.e., it weighs less than eight pounds). Laptops are usually capable of being powered by rechargeable batteries. See also Computer, Personal computer, PC, and Macintosh.

Library- See Media library.

Local area network (LAN)- An interconnected system of computers and/or peripheral equipment (e.g., printers) that is confined to a limited area, such as a room, building, or campus, and enables connected users to communicate and share information and resources. See also Wide area network (WAN).

Log on (a.k.a. log in)- To connect to a computer or network, usually through the entry of an acceptable user ID and password (i.e., through appropriate authentication). See also Access, Authentication, and Password.

Logic bomb- A hidden computer program that, once activated, damages or destroys a computer or network (e.g., malicious code programmed to damage files at a certain time on a certain day). A logic bomb technically is not a virus because it can only be activated once, whereas a virus can replicate itself or otherwise resurface repeatedly. See also Computer program and Virus.

M

Macintosh- A family of personal computers manufactured by Apple Computer. See also Computer, Personal computer, and PC.

Mainframe computer- A computer that serves as central support to many users and has the storage and computing capacity needed for large sets of data and files. Mainframes often store data on large reel-to-reel magnetic tapes that require extensive physical storage space. Mainframe users frequently rely upon dumb terminals or "tubes" to connect to the mainframe. See also Computer, Minicomputer, Personal computer, and Dumb terminal.

Maintenance contract- An agreement with an outside service or agency (e.g., the vendor who sold the equipment) to maintain or repair a computer system (and its peripheral equipment).

Masquerading- Impersonating an authorized user to gain access to a computer or network. One common act of masquerading is to "borrow" someone else's password. See also Spoofing.

Master file- An original file from which copies and backups are made. See also Backup.

Media library- An on-site location that serves as a repository for archived files and software, and allows for security measures to be concentrated and even intensified. Note that a media library is not a substitute for off-site storage of backups. See also Off-site storage.

Megabyte (MB)- The amount of computer memory needed to store 1,048,576 characters (which is roughly equivalent to a novel of average length). Megabytes are used to describe the amount of memory on a diskette, hard disk, or in random access memory (RAM). See also Bit, Byte, and Memory.

Megahertz (MHZ)- A measure of the clock speed of a central processing unit (CPU) expressed in millions of cycles per second. See also Central processing unit (CPU).

Memory- In technological terms, the location and medium of data storage within a computer. See also Storage media and Random access memory (RAM).

Microchip- A tiny piece of silicon (actually usually, but not always, silicon) on which computer circuitry has been manufactured. A microchip, or "chip," is an integral piece of computer hardware and can contain the circuitry for the central processing unit, memory (including random access memory), or other important operations. See also Microprocessor, Central processing unit (CPU), and Hardware.

Microcomputer- See Personal computer.

Microprocessor- The microchip that is responsible for a computer's logical operations. The microprocessor serves as the central processing unit (CPU) in a personal computer. See also Microchip and Central processing unit (CPU).

Minicomputer- A stand-alone computer system that generally supports anywhere from five or six to a few hundred users simultaneously. Traditional minicomputers are now often being replaced by client/server networks and peer-to-peer networks. See also Computer, Personal computer, Mainframe computer, and Computer type.

Modem- Short for "modulator/demodulator." A device that allows a computer to connect to a telephone line in order to communicate with another computer or network (i.e., it allows for remote access). It translates analog signals to digital signals on the way into the computer, and digital signals to analog signals on the way out of the computer. Modems may be internal or external to the computer case. Modems are classified according to the speed at which they send and receive data. See also Remote access and Peripheral equipment.

Monitor- A piece of peripheral equipment (analogous to a television screen) that receives video signals from a computer and displays the information (e.g., text and graphics) for the user. A monitor is frequently an important tool in the user-computer interface. See also Peripheral equipment and Interface.

Mouse- A hand-held piece of peripheral equipment that is rolled across a flat surface (e.g., on a desk) in order to provide direction to a computer. A mouse is frequently an important tool in the user-computer interface. See also Peripheral equipment and Interface.

Multimedia- A computer capable of utilizing more than one communication medium (e.g., audio and video).

N

Need-to-Know- A legal designation that indicates whether an individual has a legitimate educational reason for accessing confidential information. Also, a security principle that states that a system user should only be granted access to those components of the system (and its information) that he or she actually needs to perform his or her job.

Needs assessment- The process of determining the system functions and software functions that an organization or user will require of a computer or network (i.e., what the system will be "needed" to do). The product of a needs assessment is initially a list of functional specifications and, ultimately (when completed and combined with the system's technical requirements), a needs statement. See also System functions, Software functions, Functional specifications, Technical requirements, and Needs statement.

Needs statement- A description of the functional specifications, technical requirements, and security standards that dictate the selection of a technology solution. Accurate needs statements usually require input from a range of potential users and are the product of a needs assessment. See also Functional specifications, Technical requirements, and Needs assessment.

Network- A group of computers (technically two or more) connected to each other to share software, data, files, and peripheral equipment. Also, the hardware and software needed to connect the computers together. See also Local area network (LAN), Wide area network (WAN), Client/server network, Peer-to-peer network, Intranet, Internet, and World Wide Web (WWW).

Node- A point of access on a network (i.e., a point of connection). See also Access and Network.

O

Off-site- A location other than an organization's primary work site or place of business. See also Off-site storage.

Off-site storage- A location for the storage of backup files that is physically independent of the primary site of file use. The purpose of off-site storage is to decrease the likelihood of a single catastrophic event damaging or destroying both master and backup files. For example, if a fire were to break out in a building, it is conceivable that the entire structure could be destroyed. If backup files were maintained in that building, they would probably be lost with the originals; but if the backup files were at a different location (i.e., in off-site storage), they would be much more likely to survive the event. See also Off-site, Cold site, Hot site, Backup, and Master file.

Online- The status of being connected to a computer or network or having access to information that is available through the use of a computer or network. See also Access and Remote access.

Operating system software- The electronic instructions (e.g., Windows 95, Mac OS, Unix, and Novell NetWare) that control a computer and run the programs. Operating system software is usually specific to a particular type of computer. See also Computer program, Software, and Application Software.

P

Password- A secret sequence of letters, numbers, or symbols that enables a user to authenticate him- or herself to a secured computer or network. Passwords can be established by a system administrator or by the individual user. Effective password systems require that each user protect his or her password from being disclosed to anyone. See also Authentication and Log on.

PC- A term which should refer to any type of personal computer (e.g., a Macintosh or IBM-compatible) but has become synonymous with IBM-compatible personal computers. There are quite literally hundreds of brands of IBM-compatible computers (e.g., Compaq, Dell, and Packard Bell personal computers). See also Computer, Personal computer, and Macintosh.

Peer-to-peer network- A network configuration in which each user stores files on his or her own computer for other network users to access. See also Client/server network and Network.

Pentium- The fifth generation (hence the name Pentium) of the Intel microprocessor. See also Microprocessor and Central processing unit (CPU).

Peripheral equipment- Any of a variety of devices that are attached to a computer, including monitors, keyboards, modems, printers, scanners, and speakers. See also Monitor, Keyboard, Modem, and Printer.

Personal computer (a.k.a. Microcomputer)- A "small" computer (no larger than a desktop by definition) that uses a microprocessor (i.e., a microchip that serves as the central processing unit) to run the computer. Personal computers are generally used by only one person at a time (i.e., the user), but can be networked to communicate with other personal computers, mainframes, or minicomputers. This glossary considers both Macintosh and IBM-compatible computers to be Personal Computers. See also Computer, Macintosh PC, Mainframe computer, Minicomputer, and Laptop.

Platform- The hardware and operating system software that runs application software on a computer. See also Hardware, Operating system software, Application software, and Computer.

Printer- A piece of peripheral equipment that translates electronic signals from a computer into words and images on paper. Common types of printers include dot matrix, ink jet, laser, impact, fax, and pen and ink devices; many are capable of producing either black-and-white or color images. See also Peripheral equipment.

Program- See Computer program.

Programmer- See Computer programmer.

Protocol- The set of technical and procedural standards and rules that govern network and computer communication and data exchange. See also TCP/IP and Electronic data interchange (EDI).

R

Random access memory (RAM)- The working memory of a computer (i.e., the microchips on which data is temporarily stored while a computer is on and working). See also Memory.

Recovery plan- A detailed program for regaining first an organization's critical systems and then its general systems (i.e., "normal" operations) after a disaster. As with all contingency planning, recovery plans should be prepared in advance of any such occurrence. They should specify individual roles and responsibilities for performing planned responses, and be coordinated with other contingency planning and emergency response efforts. See also Contingency plan.

Random access memory (RAM)- The working memory of a computer (i.e., the microchips on which data is temporarily stored while a computer is on and working). See also Memory. Recovery plan- A detailed program for regaining first an organization's critical systems and then its general systems (i.e., "normal" operations) after a disaster. As with all contingency planning, recovery plans should be prepared in advance of any such occurrence. They should specify individual roles and responsibilities for performing planned responses, and be coordinated with other contingency planning and emergency response efforts. See also Contingency plan.

Release- An intermediate edition of a computer program. Releases are usually offered when minor changes or bug-fixes have been made to the previous edition of the software. Releases are designated by a whole number (denoting the version) followed by a decimal number indicating the new release (e.g., Upgrade 2.1). See also Computer program, Software, Version, and Upgrade.

Remote access- The act of accessing a computer or network from a location that is removed from the physical site of the computer or network. Remote access is often accomplished via the use of a modem. See also Access and Modem.

Resources- See Technology resources.

Risk- In information and technology security, a risk is any hazard or danger to which a system or its components (e.g., hardware, software, information, or data) is subjected. See also Asset, Attack, Counter-measure, Threat, Vulnerability, and Risk Assessment.

Risk assessment- The process of identifying: (1) all assets an organization possesses, (2) all potential threats to those assets, (3) all points of vulnerability to those threats, (4) the probability of potential threats being realized, and (5) the cost estimates of potential losses. Risk assessment enables an organization to at least consider the range of potential threats and vulnerabilities it faces, and is the first step in effectively securing an information and technology system. See also Asset, Attack, Countermeasure, Risk, Threat, and Vulnerability.

Rogue programming- See Logic bomb, Trojan horse, Virus, and Worm.

S

Screen saver- A computer program that automatically displays a moving image or pattern on a monitor screen after a pre­set period of inactivity. Screen savers were originally designed to prevent a fixed image from being "burned" into the phosphor of the monitor screen, but also afford an additional security function as well­the displayed image or pattern serves to shield screen content from passersby who could otherwise see information shown on the monitor screen. Many screen savers now offer password protection that, while far from foolproof, further deters casual unauthorized viewing of monitor displays. See also Monitor.

Security audit- A methodical examination and review of system and user activity. See also Audit trail.

Security drill- Repetitive instruction or training designed to establish security concepts and procedures within an organization and its staff.

Security goal- The primary goal of any information and technology security system is to protect one's information and system without unnecessarily limiting its utility for authorized users and functions. See also Trusted system.

Security policy- Clear, comprehensive, and well-defined plans, rules, and practices designed to protect and regulate access to an organization's system and the information that comprises it. Security policy describes the ideal status toward which all organizational security efforts should lead.

Security signature- See Digital signature.

Sensitive information- Information or data which, if lost or compromised, might negatively affect the owner of the information or require substantial resources to recreate. See also Confidential information, Directory information, and General information.

Sequence numbering- The use of embedded number patterns within a transmitted message to verify the integrity of file or data exchange. If the sequence of numbers in a received message is not consistent with the sequence in the sent message, it is possible that the message was tampered with or has otherwise lost its integrity.

Server- The computer in a client/server network that supplies the files or services. The computer (user) that requests the services is the "client." See also Client, Thin client, and Client/server network.

Signature- See Digital signature.

Software- Programs that tell a computer what to do. See also Computer program, Application software, Administrative software, Instructional software, Operating system software, Antivirus software, and Hardware.

Software features- Those attributes offered by a particular piece of software that make it easy and effective to use (e.g., a "spell check" function in word processing software). See also Software.

Software functions- The tasks, activities, or operations that a piece of software is intended to perform. See also Software, Functional specifications, Needs assessment, and System functions. Spoofing- An intentional act of misrepresentation in which an authorized user is tricked into thinking that he or she is communicating with another authorized user or site (but is not). See also Masquerading.

Storage media- Any of a variety of agents or mechanisms for storing electronic data or files, including disks, tapes, and compact discs. See also Disk, Diskette, Compact disc, Tape, Zip drive, and Memory.

Surfing- The act of exploring locations and browsing contents of World Wide Web sites on the Internet. See also Web browser.

System- A group of elements, components, or devices that are assembled to serve a common purpose. In a technological system, this refers to all hardware, software, networks, cables, peripheral equipment, information, data, personnel, and procedures (i.e., all technology resources) that comprise a computer environment. See also Hardware, Software, Network, Cables, Peripheral equipment, Information, Data, Technology resources, Critical system, General system, and System functions.

System functions- A list of the specific capabilities a computer or network should be able to perform (or staff should be able to do when using the system). Examples of possible functions include storage and retrieval capabilities, calculation and processing capabilities, reporting and output capabilities, and telecommunications capabilities. See also System, Functional specifications, Needs assessment, and Software functions.

T

Tape- A storage medium that is both "readable" (i.e., it can be read from) an "writable" (i.e., it can be written to). Tape was a primary storage method for early computers and systems, but has been replaced by disks, compact discs, and other less bulky media. Tape is still frequently used as a medium for making backups (e.g., backup tapes). See also Storage media.

TCP/IP (Transmission Control Protocol over Internet Protocol)- The de facto standard communications protocol used for networking. See also Network and Protocol.

Technical requirements- Straightforward statements that describe the necessary parameters of a technology solution. These parameters should address topics such as: the number of people who will use the system at a single time; where users are located; the numbers and types of transactions that need to be processed; and the types of technology components that need to interact. See also Software functions, System functions, and Needs assessment.

Technical support staff- Those persons who support and maintain an information system once it has been established. See also Technology resources.

Technology resources- The hardware, software, networks, and other equipment (in combination with personnel and financial resources) that can be dedicated to the implementation of a technology solution. See also Technical support staff and System.

Telecommuter- An individual who works at home or at another location that is physically removed from a place of employment via the use of technology (e.g., computers, modems, and fax machines). See also Remote access.

Thin client- A networking system in which the client (i.e., the user's computer) in a client/server network handles very little of the processing because the majority of processing is managed by the server. See also Client, Server, Client/server network, and Network.

Threat- Any actor, action, or event that contributes to the risk of an organizational asset. See also Asset, Attack, Countermeasure, Risk, Vulnerability, and Risk Assessment.

Time stamp- The act of recording the date and time within a transmitted message to verify the integrity of file or data exchange. If the date and time of message receipt varies with the date and time of transmission beyond an acceptable period of delivery, it is possible that the delay signifies that the message was intercepted in transit (or has otherwise lost its integrity).

Trojan horse- A type of programmed threat (i.e., a virus) that presents itself as an apparently useful function (e.g., the "thesaurus" in a word processing application) but actually conceals an unauthorized program designed to damage the system or the information it contains. See also Threat and Virus.

Trusted system- An information and technology system that, while not invincible, can generally be "trusted". Since no system is foolproof, a trusted system is the ideal security state. See also Security goal and System.

U

Upgrade- 1. (Verb) The act of installing a revised or improved (i.e., newer) version or release of a piece of software on a computer or system. 2. (Verb) To add memory or new equipment to an existing computer or network. 3. (Noun) A revised or improved product (i.e., software or hardware). See also Release, Version, Software, Memory, Random access memory (RAM), and Hardware.

User- In information and technology systems, a user is a person who accesses a system. Education organization users typically include (1) instructional staff who provide instruction or perform instructional management tasks using technology and (2) administrative staff who use technology to manage the routine and non-routine administrative activities of an organization as efficiently as possible. Students, parents, and community members can also be users. See also Access and System.

V

Version- A major edition of a computer program. The version number changes when a software developer makes major alterations to the software (e.g., significant new features are added). The version number is a whole number following the name of the software, in contrast to the release number, which is the decimal number after the version number. For example, when Software 2.0 undergoes minor changes, it could be re-released as Software 2.1. When it later undergoes significant revamping, the new version would be Software 3.0. See also Computer program, Software, Release, and Upgrade.

Virus- A computer program that destroys data, unnecessarily ties up resources, or otherwise damages a system. Viruses are often able to replicate themselves and can therefore be passed from one computer or network to another via file transfers (analogous to how a biological virus is passed from one host to the next). Viruses are combated by a variety of security techniques, most notably through the use of antivirus software and virus scanners. See also Antivirus software, Virus scanner, Threat, Trojan horse, and Worm.

Virus scanner- Software designed specifically to search files and disks for the presence of a virus. See also Software, Virus, Antivirus software, Trojan horse, and Worm.

Voice recognition- The conversion of spoken language into a digital format by a computer. Voice recognition can be used as a method of user identification and authentication. See also Biometrics and Authentication.

Vulnerability- A point within an information or technology system that is susceptible to attack from a threat. See also Asset, Attack, Countermeasure, Risk, Threat, and Risk Assessment.

W

WAN- See Wide area network.

Web- See World Wide Web (WWW).

Web browser- Software that allows a user to locate, view, and access information from World Wide Web sites (on the Internet) via the use of a graphical interface. See also Surfing.

Wide area network (WAN)- An interconnected system of computers and networks (including local area networks) that surpasses local area networks in scope (e.g., WANs can span building to building, city to city, across the country, and internationally). These data communications linkages (e.g., dedicated lines and radio waves) are designed to allow large numbers of users to communicate and access information. See also Local area network (LAN).

Wireless- A network system in which there is no physical connection between two pieces of equipment (i.e., instead of a wire or fiber optic links connecting computers, they communicate via radio waves). See also Cables and Network.

World Wide Web (WWW)- A network that offers access to websites all over the world using a standard interface for organizing and searching. The WWW simplifies the location and retrieval of various forms of information including text, audio, and video files. See also Surfing and Homepage.

Worm- A computer program that can make copies of itself and spread through connected computers and networks, thereby using up system resources and/or causing other damage. See also Threat and Virus.

Write-protect- Any of a variety of hardware or software mechanisms that prevent data from being written to a disk or other storage media.

WWW- See World Wide Web.

Z

Zip drive- A Zip drive is able to store 25 megabytes to 100 megabytes of data onto removable cartridges (depending on the model of the drive), most frequently for the purpose of backing up data. See also Backup, Disk, Disk drive, and Storage media.

  1. Computer Currents On­Line Dictionary on the World Wide Web at
    www.currents.net/resources/dictionary

  2. Inc. Online on Business Technology (A World Wide Web On­Line Dictionary, copyrighted by the Goldhirsh Group, 1998) at
    www.inc.com/technology/learn/glossaries.html

  3. Russell, D. and Gangemi, G.T. (1991). Computer Security Basics. Sebastopol, CA: O'Reilly & Associates.

  4. U.S. Department of Education, National Center for Education Statistics. (1997). Technology @ Your Fingertips, NCES 98-293. Washington, DC: Government Printing Office or at
    nces.ed.gov/pubs98/98293.pdf.

  5. Whatis.com, Inc. (A World Wide Web Online Dictionary)at
    www.whatis.com

    back to topback to home page