IT Manager's Handbook: Getting Your New Job Done
Authors: Bill Holtsnider,Brian D. Jaffe
Tags: #Business & Economics, #Information Management, #Computers, #Information Technology, #Enterprise Applications, #General, #Databases, #Networking
Chief Security Officer (CSO):
individual at a corporation in charge of defining and implementing security policies.
CIA:
Confidentiality, Integrity, and Availability tenets of information security.
CISSP:
Certified Information Systems Security Professional security certification.
CLERP-9:
Australian legislation similar to the U.S. Sarbanes–Oxley Act.
Client/server:
an application architecture that has two pieces of software associated with it—one that runs on the server and does the vast majority of the processing, and another piece that the user (or client) accesses that serves as the user interface.
Closeout Report:
the report written at the end of a project summarizing the project's accomplishments, identifying areas that went well, discussing problem areas, etc.
Cloud computing:
using Internet-based resources (e.g., applications, servers, etc.) as opposed to buying and installing in-house.
CMMI:
Capability Maturity Model Integration; a methodology for process improvement.
CNE:
Novell certification for a Certified Netware Engineer.
COBIT:
Control Objectives for Information and Related Technology; a set of documents developed by the Information Systems Audit and Control Association and the IT Governance Institute that provide guidance for computer security. Much of COBIT is available at no cost.
Collaboration:
The style of management where all levels of the corporate organization are actively involved in the execution of business.
Command and Control:
the style of management where there is a clear vertical chain of command: you direct your employees and your boss directs you.
Computer-Based Training (CBT):
software-based (stand-alone or on the Web) education that trains the user in a particular product set.
Concurrent User Licensing:
a software licensing model based on the number of users that will be accessing an application at the same time.
COSO (Committee of Sponsoring Organizations):
a private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance.
CR (Change Request):
change management notification for change in current process/environment.
Critical path:
the series of tasks or events that determine the project's total duration. Any delay in any of these tasks will cause the project's total duration to be delayed.
Crowdsourcing:
the act of outsourcing a task to an undefined, generally large group of people or community, typically in the form of some sort of post on the Internet.
CSO (Chief Security Officer):
individual at a corporation in charge of defining and implementing security policies.
D
DARPA (Defense Advanced Research Projects Agency):
federal agency originally responsible for the “network of networks” that became the Internet.
Data Protection Directive (European Union):
a component of the EU's human rights and privacy laws that provides for the protection of individuals' personal data.
Database Management System (DBMS):
sophisticated software system that controls the databases.
DBMS (Database Management System):
sophisticated software system that controls the databases.
Defense Advanced Research Projects Agency (DARPA):
the federal agency originally responsible for the “network of networks” that became the Internet.
Depreciation:
the decrease in the value of an item over time.
DES:
Data Encryption Standard; a standard for encrypting data.
Development tools:
all elements of software used to create other software, such as compilers, linkers, debuggers, source code control systems, and languages.
Directory Services:
a system application and database for tracking and administering resources (users, devices, etc.) that is used by all other applications. Frequently used for IDs and passwords in single sign-on applications.
Disaster Recovery (DR):
the ability of an infrastructure to resume operations after a disaster. Disaster Recovery differs from Business Continuity Planning in that Disaster Recovery is primarily associated with resources and facilities, while BCP is primarily associated with processes.
Disk Cloning:
a tool to quickly copy large amounts of data in a fraction of the time it would take to use conventional methods.
Distributions:
a package of Open Source Software that can include the code, utilities, documentation, and support. Distributions are usually packaged and sold for a fee by third parties.
Distros:
a package of Open Source Software that can include the code, utilities, documentation, and support. Distros (distributions) are usually packaged and sold for a fee by third parties.
DMADV (Define, Measure, Analyze, Design, Verify):
A Six Sigma methodology for the creation of new processes.
DMAIC (Define, Measure, Analyze, Improve, Control):
A Six Sigma methodology for the refinement of existing processes.
DMZ (Demilitarized Zone):
an area of a network that is used to host devices that are accessible via the Internet, but are still protected by the firewall.
Dodd–Frank Act:
a bill that was passed in direct response to the massive financial collapse of 2008–2009; regulates the U.S. financial system with the goal of preventing another meltdown.
DR (Disaster Recovery):
the ability of an infrastructure to resume operations after a disaster. Disaster Recovery differs from Business Continuity Planning in that Disaster Recovery is primarily associated with resources and facilities, while BCP is primarily associated with processes.
E
E-commerce:
a term to describe the many activities involved in buying and selling over the Internet.
Electronic discovery:
the legal discovery process (prior to a legal proceeding) associated with electronic data such as e-mail, spreadsheets, word processing, database files, and so on.
Enterprise applications:
an application that is widely used throughout the organization and integrates the operations of many different departments and functions.
Enterprise Resource Planning (ERP):
set of applications and systems that a company uses to manage its resources across the entire enterprise.
ERP:
Enterprise Resource Planning; set of applications and systems that a company uses to manage its resources across the entire enterprise.
Expense item:
a financial expenditure for something whose value is gone in a short period of time, typically less than a year. Also used for items that have a longer life, but are relatively inexpensive (below a threshold set by Accounting).
F
FACTA (Fair and Accurate Credit Transactions Act):
a consumer rights bill that became fully effective June 1, 2005, and is an extension of the Fair Credit Reporting Act (FCRA). The rule says that in regard to consumer information (such as name, social security number, address, etc.) you must “take reasonable measures to protect against unauthorized access or use of the information.”
FASB (Financial Accounting Standards Board):
organization for establishing standards of financial accounting and reporting.
FCRA (Fair Credit Reporting Act):
a consumer rights bill extended by FACTA.
Firewall:
a device that is used to control access between two networks. Typically used when connecting a private network to the Internet as a way of protecting and securing the internal network from threats, hackers, and others. Also used when connecting two private networks (e.g., suppliers, partners, etc.).
Fiscal year:
twelve-month period used for budgeting. Frequently, the fiscal year that a budget tracks isn't the January–December calendar year. The year that the budget tracks can be any 12-month period, although it generally begins on January 1, April 1, July 1, or October 1.
Fixed asset:
an asset, other than cash, that is used in the normal course of business. Examples include computers, machinery, buildings, and fixtures.
FTP (File Transfer Protocol):
an application protocol that transfers files from the source where they were created to a server that makes them accessible to users on the Internet.
G
Gantt chart:
a project planning/management tool that charts time on the horizontal axis, and tasks and activities on the vertical axis.
Generation X:
people born between 1965 and 1980.
Generation Y (“Millennials”):
people born between 1981 and 2000.
Governance:
the function of ensuring that the enterprise's IT activities match and support the organization's strategies and objectives. Governance is very often associated with budgeting, project management, and compliance activities.
Gramm–Leach–Bliley Act:
an act passed by Congress that has provisions to protect consumers' personal financial information held by financial institutions.
Grid computing:
the use of multiple computing resources to leverage combined processing power. Usually associated with scientific applications.
H
HIPAA (Health Insurance Portability and Accountability Act):
regulations passed by Congress promoting the privacy and security of medical records.
HRIS (Human Resources Information System):
HR software.
I
IDS (Intrusion Detection Systems):
security hardware/software that identifies suspicious traffic (i.e., potential security threats) based on patterns of activity.
IM:
instant message.
Incident response:
the response of an organization to a disaster or other significant event that may significantly affect the organization, its people, or its ability to function productively.
Infrastructure as a Service (IaaS):
the use of typical infrastructure components (e.g., data centers, servers, network computers) from a third-party provider as opposed to purchasing for on-premise installation/use.
Internet Corporation for Assigned Names and Numbers (ICANN):
an internationally organized, nonprofit corporation that has responsibility for IP address space allocation, domain name system management, and root server system management functions.
Interoperability:
the ability for two (or more) components of technology to interface and work together.
Intranet:
a private web site available only to those within a company or organization.
Intrusion Detection Systems (IDS):
security software that identifies suspicious traffic (i.e., security threats) based on patterns of activity.
Intrusion Prevention System (IPS):
security software that not only detects malicious activity (like an IDS), but also takes action to halt it.
IDS (Intrusion Detection Systems):
security software that identifies suspicious traffic (i.e., security threats) based on patterns of activity.
IPS (Intrusion Prevention System):
security software that not only detects malicious activity (like an IDS), but also takes action to halt it.
ISO 17799:
an internationally recognized information security standard.
ISO 27001:
international information security standard against which organizations can seek independent certification of their Information Security Management Systems.
ISO 9000:
a standard framework for quality management throughout the processes of producing and delivering products and services.
ISP (Internet Service Provider):
a company that provides connectivity to the Internet.
ITIL (IT Infrastructure Library):
a set of guidelines for developing and managing IT operations and services.
K
Key loggers:
small applications that reside on a computer to record key strokes, usually installed without the knowledge or consent of the user, and considered to be malware and spyware.
Kick-Off meeting:
the meeting that launches a project. Activities may include team assignments, project charter, objectives review, among others.
L
LAN (Local Area Network):
a network of computers that are physically connected within a single site (or campus) without the use of telecomm lines.
LDAP (Lightweight Directory Access Protocol):
a subset of the X.500 and DAP standards for directory services.
Lease:
an arrangement where a third party provides a piece of equipment for a defined period of time at an agreed upon rate.
Local Area Network (LAN):
a network of computers that are physically connected within a single site (or campus) without the use of telecomm lines.
Locking down:
configuring an operating system to limit the types of activities the user can do (e.g., configuration changes, software installations, etc.).
M
M&M security model:
security model designed to make a system “hard on the outside and soft in the middle.”
Malware:
general term for software designed to damage a computer or computer system. Spyware, adware, and viruses are all considered forms of malware.
Mashups:
two distinct functions or applications merged into a single one.