Information Technology (IT) Glossary


Information technology

Regulations are easily ignored or abused.

Financial services and healthcare are strongly regulated.

IT, Information Technology: buzz

Buzzwords are the things getting attention.
Mostly the ideas are not as new as supposed.
Establishing what the words used mean in the context in which they are used is a first task.

References on this site

With a reordering of the contents of the gathered glossary subjects this page is new (March 2013).
I have put them at dedicated pages as follows; all the more generic aspects of IT have been put here.




Information Technology (IT)


Corporate governance of information technology
The governance of IT is mostly forgotten. This I have worked out around the other chapters. ITIL, CCM, COBIT as process management approaches.
Standard of Good Practice
The Standard of Good Practice for Information Security, published by the Information Security Forum (ISF), is a business-focused, practical and comprehensive guide to identifying and managing information security risks in organizations and their supply chains.
The recently-published 2011 Standard is the most significant update of the standard for four years. It includes information security 'hot topics' such as consumer devices, critical infrastructure, cybercrime attacks, office equipment, spreadsheets and databases and cloud computing.
The 2011 Standard is aligned with the requirements for an Information Security Management System (ISMS) set out in ISO/IEC 27001, and provides wider and deeper coverage of ISO/IEC 27002 control topics, as well as cloud computing, information leakage, consumer devices and security governance.
Information security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Confidentiality, Integrity and Availability (CIA). Information systems are decomposed into three main portions, hardware, software and communications, with the purpose of helping to identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational.
Information technology controls
In business and accounting, information technology controls (or IT controls) are specific activities performed by persons or systems designed to ensure that business objectives are met. They are a subset of an enterprise's internal control. IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise.
Risk management
Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events[1] or to maximize the realization of opportunities.



NIST
NIST, National Institute of Standards and Technology - Computer Security Resource Center (Computer Security Division), US government.
Drivers: The United States Congress and OMB have instituted laws, regulations, and directives that govern creation and implementation of federal information security practices.
NIST - general IT security contains a lot of information, some technically detailed, some at executive main lines.
Council on CyberSecurity
CCS: We are an independent, expert, not-for-profit organization with a global scope committed to the security of the open Internet.
ENISA
ENISA, European Network and Information Security Agency
Application security: The Secure Applications and Services (SAS) group at ENISA addresses the security of services and applications, ranging from cloud-based services, web applications to smartphones and smartphone apps. We do this by giving stakeholders (EU businesses, government organizations, consumers and consumer organisations) an overview of relevant information security risks and by making risk-based recommendations: publishing guidelines, best practices, and information security governance tools. We are always looking for interaction and collaboration with both experts and stakeholders; see our contact details at the bottom.
BSI
BSI, Bundesamt für Sicherheit in der Informationstechnik (German Federal Office for Information Security)
BSI by law:
To counter current threats and to take account of the growing importance of information and communication technology in today's society, the amendment of the BSI Act granted the BSI further tasks and powers.

NCSC
NCSC, Dutch: Nationaal Cyber Security Centrum (National Cyber Security Centre)
Mission: The NCSC contributes to jointly increasing the resilience of Dutch society in the digital domain, and thereby to a safe, open and stable information society, by providing insight and offering a perspective for action.
It is the same kind of information as found elsewhere (NIST), this time in Dutch.
For professionals the whitepapers on cloud computing and web application security are interesting.

The PvIB, Platform voor InformatieBeveiliging (Platform for Information Security), became a fact on 12 July 2007.
The NCSC whitepaper Cloud computing & security is explained with ISO 27002 references.

ISACA
ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide. The COBIT, Val IT and Risk IT governance frameworks and the CISA, CISM, CGEIT and CRISC certifications are ISACA brands respected and used by these professionals for the benefit of their enterprises.

ITGI IT Governance Institute
ISACA formed the ITGI to focus on original research on IT governance and related topics. ISACA also addresses these topics through the ISACA Journal, conference sessions and education courses.

COBIT 5 is the latest edition of ISACA’s globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises. The principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from business, IT and governance experts around the world.

ISO
ISO (International Organization for Standardization) is the world’s largest developer of voluntary International Standards. International Standards give state of the art specifications for products, services and good practice, helping to make industry more efficient and effective. Developed through global consensus, they help to break down barriers to international trade.

iso27001security: We maintain the website, publish the ISO27k Toolkit and run the associated ISO27k Forum as free public resources for those who are also using and contributing to the ISO/IEC Information Security Management Systems standards.

Privacy/data protection project, University of Miami - Miller School of Medicine: This is an educational site, designed to provide information about health privacy. It does not provide legal advice. It does not represent the policies or procedures of the University of Miami or any other organization. For more details, see our disclaimer.

SANS
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.

security controls
The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through.

Critical control 12
Access to a machine (either remotely or locally) should be blocked for administrator-level accounts. Instead, administrators should be required to access a system using a fully logged and nonadministrative account. Then, once logged in to the machine without administrative privileges, the administrator should then transition to administrative privileges using tools such as sudo on Linux/UNIX, Runas on Windows, and other similar facilities for other types of systems.

PCI DSS
The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.



IT Standards


W3
The World Wide Web Consortium (W3C) is an international community where Member organizations, a full-time staff, and the public work together to develop Web standards.
OASIS
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit consortium that drives the development, convergence and adoption of open standards for the global information society.
OpenDocument is mandatory within NATO.
OpenFormula is an add-on to OpenDocument specifying functions and calculations. Used in MS Office and many more.
Part 2: Recalculated Formula (OpenFormula) Format (OASIS docs, v1.2, 2011)

CWM
The Common Warehouse Metamodel (CWM) defines a specification for modeling metadata for relational, non-relational, multi-dimensional, and most other objects found in a data warehousing environment. The specification is released and owned by the Object Management Group.

Data vault modeling is a data warehouse database modeling method that is designed to provide long-term historical storage of data coming in from multiple operational systems. It is also a method of looking at historical data that, apart from the modeling aspect, deals with issues such as auditing, tracing of data, loading speed and resilience to change.

Business Intelligence Markup Language (Biml) is a domain-specific XML dialect for defining business intelligence (BI) assets. Biml authored BI assets can currently be used by the BIDS Helper add-on for Microsoft SQL Server Business Intelligence Development Studio (BIDS) and the Varigence Mist integrated development environment; both tools translate Biml metadata into SQL Server Integration Services (SSIS) and SQL Server Analysis Services (SSAS) assets for the Microsoft SQL Server platform.

SOAP
SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. It relies on Extensible Markup Language (XML) for its message format, and usually relies on other Application Layer protocols, most notably Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.
w3schools: SOAP

Information Technology, buzzing





Web 2.0 - Web 3.0

Web 2.0 is a change in behaviour from just reading to interactive usage: Ajax, social media, the cloud and all other things included.

HTML5 and CSS3

HTML5 and CSS3 are new standards. They should standardize web access. The hype attention now is downloading apps to your phone.

LaTeX

LaTeX is widely used in academia.[1][2] It is also used as the primary method of displaying formulas on Wikipedia. As a primary or intermediate format, e.g., translating DocBook and other XML-based formats to PDF, LaTeX is used because of the high quality of typesetting achievable by TeX.



Virtualization & licensing

License OS - software
Hardware virtualization is said to be cost-saving. As long as you look just at hardware this is true.
Taking the view of TCO (Total Cost of Ownership) there are big pitfalls. These are in the licensing of additional software.

See: Virtualization software licensing (Wikipedia),
Virtualization news & blog (Jeff Greenwald - Flexera Software),
Business impact penalty cost licensing example (Christina Torode, Forrester Research).

The result can be saving relatively small amounts on hardware followed by a huge rise in cost caused by additional licensing of software.
Licensing sub-capacity
The sub-capacity or hardware licensing is not clearly communicated.
Some exceptions:

PVU licensing for customers: IBM licenses specially by using PVU.
Together:
data driven journalism (DDJ)
computer assisted reporting (CAR)





Information Technology, Standard words







Security

Identities


Identity management
Identity management (IdM) describes the management of individual identifiers, their authentication, authorization[1] and privileges/permissions within or across system and enterprise boundaries[2] with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks.

A directory service is the software system that stores, organizes and provides access to information in a directory. In software engineering, a directory is a map between names and values. It allows the lookup of values given a name, similar to a dictionary.

Namespace, LDAP, AD, NOS and X.500 are highly related to this.

High privileged accounts - PIM
Privileged Identity Management (PIM) is a domain within Identity Management focused on the special requirements of powerful accounts within the IT infrastructure of an enterprise. It is frequently used as an Information Security and governance tool to help companies in meeting compliance regulations and to prevent internal data breaches through the use of privileged accounts. Categories: generic/shared administrative accounts, privileged personal accounts, application accounts, emergency accounts.

A power user is a user of a personal computer who has the ability to use advanced features of programs which are beyond the abilities of "normal" users, but is not necessarily capable of programming and system administration.
System Accounts
System accounts are needed to run the system. They should not be confused with:

FreeBSD handbook (users-system): System users are those used to run services such as DNS, mail, web servers, and so forth. The reason for this is security; if all services ran as the superuser, they could act without restriction.

Microsoft KB 120929: The system account is used by the operating system and by services that run under Windows.
User Account Control (wiki), UAC (Microsoft): It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation.
Privilege escalation (wiki), UAC (Microsoft)

Fedora (operating system) (wiki): Security is one of the most important features in Fedora. One of the security features in Fedora is Security-Enhanced Linux, a Linux feature that implements a variety of security policies, including mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. Fedora will now use UID/GIDs of up to 1000 for system accounts.

Service account vulnerabilities (SANS): These accounts are vulnerable because their IDs and passwords are accessible to both legitimate server and network support and hacker password dumping and cracking tools.
DAC MAC
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)".

In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, etc.



Role Based Access Control



RBAC
In computer systems security, role-based access control (RBAC) is an approach to restricting system access to authorized users. It is used by the majority of enterprises with more than 500 employees, and can be implemented via mandatory access control (MAC) or discretionary access control (DAC). RBAC is sometimes referred to as role-based security.
Soll/Ist
The words "Soll" and "Ist" are German words indicating: "Soll" how it should be, "Ist" the real situation.
In the German auditing process the comparison is mentioned (IT-Sicherheitsaudit).
In the English-based references these words are missing. The requirement of having documented the way security is implemented and checked has moved to business policies. Information security audit, Enterprise information security architecture.

RBAC
RBAC, Role Based Access Control, is a concept of the technical way of granting access rights.
Within detailed technical implementation RBAC is also used in relation to DAC and LDAP.

SOD
SOD, Separation of Duties / Segregation of Duties, is the requirement of preventing fraud/errors by not granting access rights to the same person at the same moment. A Risk-based Approach to Segregation of Duties (ISACA)

Links
The RBAC approach is filled with the fulfilling of SOD requirements. RBAC FAQ (NIST), report02-1-RBAC (NIST)

A secure deployment (configuration) is becoming mentioned:
SP 800-128 Security-Focused Configuration Management (SecCM), SCAP (NIST)
Virtualization Security Mistakes (webcast 2009) (SANS), also security related





Miscellaneous


Data Integrity
Data integrity in its broadest meaning refers to the trustworthiness of information over its entire life cycle. In more analytic terms, it is "the representational faithfulness of information to the true state of the object that the information represents, where representational faithfulness is composed of four essential qualities or core attributes: completeness, currency/timeliness, accuracy/correctness and validity/authorization".

SAS 70
SAS 70, Statement on Auditing Standards No. 70: Service Organizations, is the way of auditing the service requirements.

ISO/IEC 27001: focusing on the IT security aspects.
SSAE 16: a successor of SAS 70.




CWM
The Common Warehouse Metamodel (CWM) defines a specification for modeling metadata for relational, non-relational, multi-dimensional, and most other objects found in a data warehousing environment. The specification is released and owned by the Object Management Group, which also claims a trademark in the use of "CWM".
As of 2011 the active version of the CWM specification is v1.1 with a supplementary specification, Common Warehouse Metamodel (CWM) Metadata Interchange Patterns (MIP), which further refines the requirements for tools to inter-operate smoothly.


The OMG is the organisation that has the mission for standards at this.
The data warehouse, with all its own dedicated words such as ODS, ETL, staging area, data marts, is related to it.

Bill Inmon and Ralph Kimball are names mentioned when referring to the concepts.
ETL (Data Warehouse): SCD CDC
Extract, transform and load (ETL) is a process in database usage and especially in data warehousing that involves:

More terminology is used in this IT field, originally indicated as decision support systems.
With Slowly Changing Dimensions (SCDs) data changes slowly, rather than changing on a time-based, regular schedule.
In databases, change data capture (CDC) is a set of software design patterns used to determine (and track) the data that has changed so that action can be taken using the changed data.


XMLA
XML for Analysis (abbreviated as XMLA) is an industry standard for data access in analytical systems, such as OLAP and data mining. XMLA is based on other industry standards such as XML, SOAP and HTTP. XMLA is maintained by XMLA Council with Microsoft, Hyperion and SAS being the official XMLA Council founder members.[1]

Open source
Open-source software (OSS) is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under an open-source license that permits users to study, change, improve and at times also to distribute the software.

Open source does not imply license-free software. It can change, as the organization owning the basics will possibly change policies. OpenOffice was closed by Oracle and the people went to LibreOffice.

Apache and MySQL can be license-free for non-commercial use. With integration in licensed bundles like WebSphere they get commercially licensed. The same applies to Unix (Linux) with Red Hat redistributions.



Process - SDM Waterfall Agile



BPM BPT

Business Process Management has been referred to as a "holistic management" approach[1] to aligning an organization's business processes with the wants and needs of clients. It promotes business effectiveness and efficiency while striving for innovation, flexibility, and integration with technology.

Business Process Testing is used on the technology side to verify that new, not yet implemented, business processes function sufficiently according to requirements. On this dedicated domain of verification of quality too little is found.

ISTQB

ISTQB Glossary

The levels for software testing are a good standardized vision.
Defined certifications exist.

ISTQB has the mission: Defining and maintaining a Body of Knowledge which allows testers to be certified based on best practices, connecting the international software testing community, and encouraging research.

Advanced certification TM

TM (Test Manager): not surprisingly, most of it is also found with normal project managers.

Advanced certification TA

TA (Test Analyst) is focused on the functionality. The level of software I would indicate as business level.

Advanced certification TTA

TTA (Technical Test Analyst) is focused on the technical tools. The level of software I would indicate as middleware and partially OS based.

OWASP

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

OWASP Testing Guide v3: The OWASP Testing Project has been in development for many years. With this project, we wanted to help people understand the what, why, when, where, and how of testing their web applications, and not just provide a simple checklist or prescription of issues that should be addressed.

ITIL
The Information Technology Infrastructure Library (ITIL) is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. In its current form (known as ITILv3 and ITIL 2011 edition), ITIL is published in a series of five core publications, each of which covers an ITSM lifecycle stage. ITILv3 underpins ISO/IEC 20000 (previously BS15000), the International Service Management Standard for IT service management, although differences between the two frameworks do exist.

ITIL left the terminology of best practice, just indicating good practice.
Good practice and best practice (Rob England, IT Skeptic, Aug 2010)
The Standard of Good Practice is security related.

Prince2
PRojects IN Controlled Environments 2 (PRINCE2) is a structured project management method endorsed by the UK government as the project management standard for public projects.

CMMI
Capability Maturity Model Integration (CMMI) is a process improvement approach whose goal is to help organizations improve their performance. CMMI can be used to guide process improvement across a project, a division, or an entire organization.

CMMI describes a way to validate the process of building IT. It does not contain content on how the engineering should be done.

SDM
SDM: A software development methodology or system development methodology in software engineering is a framework that is used to structure, plan, and control the process of developing an information system.

Waterfall Agile RUP
As long as there have been SDM methods around, we are still busy with the original goals: "clarity, quality and reducing development time".

RAD, Agile ... The waterfall method is less appreciated where requirements change quicker than the development process.




Evolution of languages

3GL 4GL - OOP

3GL 4GL language
The historical development of computer languages is indicated as generations.

All rumors about a language generation level 3-4-5 have become historical.
The same will apply to web 2.0 or web 3.0 as the buzzing will fade out.

Spaghetti code
The "spaghetti" program flows (goto-s) are hardly remembered now.
Working with flow diagrams was the first approach to developing understandable computer programs.

Structured programming
Structured programming was aimed at getting clarity, quality and reducing development time in the logic.

Jackson structured programming is a method for structured programming based on correspondences between data stream structure and program structure.

A Nassi–Shneiderman diagram in computer programming is a graphical design representation for structured programming.
Modular programming
Modular programming (also known as top down design and stepwise refinement) is a software design technique that increases the extent to which software is composed of separate, interchangeable components called modules by breaking down program functions into modules, each of which accomplishes one function and contains everything necessary to accomplish this.

OOP
Object-oriented programming (OOP) is a programming paradigm using "objects" – data structures consisting of data fields and methods together with their interactions – to design applications and computer programs.




Historic references


Persons, history of IT
Jacquard (1800) earliest programmable loom
Charles Babbage (1850) mechanical engineer who originated the concept of a programmable computer
Ada Lovelace (1850) met and corresponded with Charles Babbage on many occasions, including socially and in relation to Babbage's Difference Engine and Analytical Engine.
Alan Turing (1940) highly influential in the development of computer science
Abraham Wald (1940) founded the field of statistical sequential analysis
Edsger W. Dijkstra (1950-2000) received the 1972 Turing Award for fundamental contributions to developing programming languages
Edgar F. Codd invented the relational model for database management
Dennis Ritchie created the C programming language and, with long-time colleague Ken Thompson, the Unix operating system
Ralph Kimball is widely regarded as one of the original architects of data warehousing and is known for long-term convictions that data warehouses must be designed to be understandable and fast
Machinery engineering, history of IT
Hollerith card, IBM mainframe (1960-1980) monopolist at this time in computing
PDP-11, DEC VAX, supercomputer (1975-1990) alternatives to IBM, smaller machines
PC-XT, Apple II, CBM 64 (1985-1990) getting a computer at home
Internet (2000) becoming a public standard
malware (2003) becoming a threat that needs defending against
smartphone (2010) GPS, PDA, camera etc. integrated with the computer, malware included



© 2012 J.A.Karman (8 mar 2013)