Login

Your Name:(required)

Your Password:(required)

Join Us

Your Name:(required)

Your Email:(required)

Your Message :

0/2000

Your Position: Home - Telecom Parts - BTS-6.01 - Technology Definitions

BTS-6.01 - Technology Definitions

Author: CC

May. 20, 2024

BTS-6.01 - Technology Definitions

TECHNOLOGY DEFINITIONS

If you are looking for more details, kindly visit our website.

Administrative Rule Adopted by Office of Management and Finance Pursuant to Rule-Making Authority

ARB-BTS-6.01

Definitions

The following information and communications technology definitions and terms are used in the Bureau of Technology Services Administrative Rules and associated standards and guidelines.

These definitions are not part of the binding BTS Administrative Rules.

802.11: A family of IEEE specifications for wireless local area networks.

802.1X: A standard developed by IEEE designed to enhance the security of both wired and wireless networks. 802.1X provides an authentication framework allowing a user or device to be authenticated by a central authority.

Access Control: Physical, procedural and/or electronic mechanism which ensures that only those who are authorized to view, update and/or delete data can access that data.

Access Point: Also known as a wireless base station. A hardware device that acts as a communication hub for users of a wireless device to connect to a wired local area network.

Algorithm: An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are usually called Ciphers.

Analog Line: A communications line, such as a standard telephone line, that carries information in analog (continuously variable) form.

Analog Modem: Communications equipment which converts computer information/data, in the form of digital pulses to audio tones that can be carried over analog telephone lines.

Anonymous Access: A method which allows access to applications or systems without requiring user identification and password authentication.

Anti-Virus Software: A software program designed to identify and remove a known or potential computer virus, worm or trojan horse

Application: Software that performs a specific task or function, such as word-processing, creation of spreadsheets, generation of graphics, facilitating electronic mail, etc

Asset: A physical item, informational item, or capability required by an organization to maintain productivity. Examples include computing systems, communication systems and data.

Attachment: A file attached to an e-mail message.

Authentication: The assurance that a party to some computerized transaction is not an impostor. Authentication typically involves using a password, certificate, PIN, or other information that can be used to validate the identity over a computer network

Authorization: The process of giving someone permission to do or have something; a system administrator defines for the system which users are allowed access to the system and what privileges are assigned.

Availability: The assurance that a computer system is accessible by authorized users whenever needed, as pre-defined, or as established through a Service Level Agreement.

Backup: The activity of copying electronic data so that it will be preserved in case of equipment failure, accidental or malicious loss or other catastrophe.

Breach: The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.

Business System Owners: Individuals within the City who are ultimately accountable for the budget, management, and use of one or more electronic information systems or electronic applications that are associated with the City of Portland (e.g. Bureau Directors). Electronic information systems cover a wide range of business requirements and ‘ownership’. They may be single-purpose/single-bureau business applications as well as multi-purpose/multi-bureau business applications. Business applications may also be ‘enterprise’ applications that serve the common functional requirements of all City bureaus and offices (e.g. various administrative information systems).

Change Management: Process of controlling changes to the infrastructure or any aspect of services, in a controlled manner, enabling approved changes with minimum disruption.

Cipher: A method that encrypts or disguises text. Ciphers replace the message letters with other letters, numbers or symbols, as in substitution, or move around the individual letters of the plaintext, as in transposition – or a combination of both.

Common Criteria: A comprehensive specification that first defines the targeted environment and then specifies the security requirements necessary to counter threats inherent in that environment.

Compliance: A user, device, computing system, network element or operating system is in compliance with a policy when it implements and adheres to all functional aspects explicitly stated as required in that policy.

Compromise: Also referred to as “data compromise,” or “data breach.” Intrusion into a computer system where unauthorized disclosure/theft, modification, or destruction of data is suspected.

Confidentiality: An attribute of information. Confidential information is sensitive or secret information, or information whose unauthorized disclosure could be harmful or prejudicial.

Cost-effective: To deliver desired results in beneficial financial terms.

Credential: A general term for privilege attribute data that has been certified by a trusted privilege certification authority

Cracking: The process of overcoming a security measure. Also commonly referred to as Hacking.

Criticality: A relative measure of the consequence of a particular failure mode and its frequency of occurrence.

Cryptosystem: A system used for encrypting and decrypting data. Usually involves an algorithm for combining the original data (plaintext) with one or more keys - numbers or strings of characters known only to the sender and recipient - into cipher text.

Database: A shared collection of logically related data, designed to meet the information needs of multiple users in an organization.

Data Custodians: Data Custodians are business experts who have been officially designated by the Bureau of Technology Services and/or Bureau Business System Owners as accountable for the definition of specific business requirements regarding protection of the confidentiality of specific data that is transmitted, used, stored, and maintained on City of Portland information systems. Data Custodians help translate the business requirements into appropriate system security procedures that are aligned with the City of Portland Information System Security Policy.

Degaussing: Also called “disk degaussing.” Process or technique that demagnetizes the disk such that all data stored on the disk is permanently destroyed.

DMZ: Short for demilitarized zone which is an internal network typically used exclusively for servers that are accessed by external clients on the Internet, such as web servers. Placing these public access servers on a separate isolated network provides an extra measure of security for internal networks

DNS: Also known as a Domain Name System (or Service) which translates alphabetic domain names into numeric IP addresses.

Download: Transferring data (usually a file) from another computer to the computer you are using.

Dual Control: A procedure whereby the active involvement of two people is required to complete a specified process.

E-Commerce: A way of supporting real-time business transactions via the internet.

E-Government: The process by which the City delivers information and services electronically. It allows citizens and businesses easy access to government information and streamlined business processes.

Encryption: The transformation of data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it was not intended, including those who can see the encrypted data.

End-of-Life: A status where data or devices has exceeded its useful life and should be eliminated or replaced.

Entitlement: Any of the benefits to which one is entitled, or to which one is given a right, by meeting specific eligibility requirements.

Electronic Protected Health Information (ePHI): Individually identifiable electronic health information that is stored and/or transmitted that relates to the past, present or future physical or mental health condition of an individual, the provision of health care to an individual or the past, present or future payment for the provision of health care to an individual.

Ethernet: The common method of networking computers in a LAN, or Local Area Network.

Extranet: A private network that uses internet protocols and the public telecommunications system to securely share part of a business's information or operations with suppliers, vendors, partners, customers or other businesses.

Firewall: A combination of hardware and software that secures access to and from a network based on rules.

Firewall Rule: A set of logical statements within a firewall that permit or deny internal and external network traffic to flow through it to various destinations and/or devices.

Frame Relay: Standard packet-switched protocol for transmission of voice and data that creates "virtual" dedicated circuits. These are less expensive than dedicated circuits.

Gateway: A hardware and/or software set-up that translates between two dissimilar protocols

Governance: The authority for defining policy, providing leadership, and managing and coordinating the procedures and resources that ensure the security of information systems

Hash Number: Also called "hash function" or hashing, used extensively in many encryption algorithms. Hashing transforms a string of characters usually into a shorter, fixed-length value or key.

HIPAA: Short for the Health Insurance Portability and Accountability Act of 1996.

Incident Response: The ability to respond appropriately and completely to any incidents, situational compromises, or threats from any source at anytime.

Information System: The network or combination of all computing equipment, telecommunication or other communication or information processing devices and channels used within an organization.

Infrastructure: The computer and communication hardware, software, databases, people, and policies supporting the enterprise's information management functions.

Integrity: The condition of data or a system, in which that data or system remains intact, unaltered, and hence reliable.

Internet: The vast collection of inter-connected networks that all use the TCP/IP protocols and that evolved from the ARPANET of the late 60's and early 70's.

Intranet: Contrary to the public Internet, an intranet is a private network inside a company or organization.

Intrusion Detection: A security management system and or process that gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attack from outside the organization) and misuse (attacks from within the organization).

IPSEC: Short for Internet Protocol Security. Security functions (authentication and encryption) implemented at the IP level of the protocol stack.

ISDN Line: Also known as an Integrated Services Digital Network. A digital telephony scheme that allows a user to connect to the Internet over standard phone lines at speeds higher than a 56K modem allows.

Key: A piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key the algorithm would have no result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption.

Language: A formal language with a particular set of 'grammatical' rules and guidelines used in writing a computer program or software.

LDAP: An acronym for Lightweight Directory Access Protocol, which is a network protocol designed to help users extract information from a hierarchical directory in a network, whether on the Internet or on a corporate intranet.

Mobile Device: Any computing or communications device intended to frequently move location while maintaining function and operation.

Modem: A device that allows computers to communicate with each other over telephone lines or other delivery systems by changing digital signals to telephone signals for transmission and then back to digital signals.

Malware: Short for malicious software and is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms and trojan horses.

MAC Address: Short for media access control address; the unique physical address of each device's network interface card

Memory: The space used by a computer to hold the program that is currently running, along with the data it needs.

Mitigate: The action of reducing or minimizing the severity of the impact or likelihood of a risk or an event.

Multi-user: A system or program designed to accommodate simultaneous use by multiple users,

Need-to-Know: An administrative action certifying that a given individual requires access to specified private information in order to perform his or her assigned duties.

Network: A collection of two or more computer or communication systems interconnected by telephone lines, communications cables, satellite links, radio, and/or other communication techniques.

Network Interface Card: An expansion board you insert into a computer so the computer can be connected to a network.

Non-repudiation: A mutually agreed process, secured evidence, or other method of operation which provides for proof of receipt or protection from denial of an electronic transaction or other activity.

Operating System: The foundation software of a machine; that which schedules tasks, allocates storage, and presents a default interface to the user between applications.

Ownership: The term that signifies decision-making authority and accountability for a given span of control.

Password Protection: The ability to protect a system, data or object using a password

Pass Phrase: The word or phrase that protects private key files. It prevents unauthorized users from encrypting them.

Patch: A piece of code added to software in order to fix a vulnerability or bug, especially as a temporary correction between software releases.

PDA: Short for personal digital assistant, a small handheld device that combines one or more computing and/or communications functions such as email, calendar, internet and phone.

Penetration Testing: A security evaluation performance wherein practitioners attempt to gain access to a system despite security features.

Physical Security: The component of information security that results from all physical measures necessary to safeguard equipment and data, from access by unauthorized persons or electrical or environmental (fire, smoke, temperature, etc) damage.

Portal: A starting point web page with a hierarchical, topical directory, a search window, and added features like news headlines applications and links to informative and collaborative services and applications.

Port Scanning: A program that attempts to learn about the weaknesses of a computer or network device by repeatedly probing it with requests for information.

Principle of Least Privilege: An operations principle that requires access privileges for any user to be limited to only what they need to have (nothing in addition) to be able to complete their assigned duties or functions.

Principle of Separation of Duties: An operations principle that requires that whenever practical, no one person should be responsible for completing or controlling a task, or set of tasks, from beginning to end when it involves the potential for fraud, abuse or other harm.

Privacy: The protection of sensitive data and personal information from unintentional and intentional attacks and disclosure.

Privilege: A user's right to perform a specific task on an information system. Privileges are assigned by administrators to individual users or groups of users as part of the security settings for the computer.

Proprietary: Refers to a technological design or architecture whose configuration is unavailable to the public and may not be duplicated without permission from the designer or architect.

Protocol: Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data.

Public Network: A network established and operated by a telecommunications provider, for specific purpose of providing data transmission services for the public. Examples of public networks in scope of the PCI DSS include, but are not limited to, the Internet, wireless, and mobile technologies.

Quarantine: Enforced isolation or restriction of communications imposed to prevent the introduction or spread of computer viruses.

RADIUS: Short for Remote Authentication Dial-In User Service. A client/server protocol and software that enables remote access servers to communicate with a central server to authenticate remote users and authorize their access to the requested system or service.

Retention Schedule: The defined period of time for which electronic data must

61

0

Comments

0/2000

All Comments (0)

Guest Posts

If you are interested in sending in a Guest Blogger Submission,welcome to write for us!

Your Name (required)

Your Email (required)

Subject

Your Message (required)

0/2000