Glossary

access point (AP): The radio transmitter/receiver for Wi-Fi systems. See hot spot.

acknowledgment (ACK): The occasional message sent from one device to another in a network to ensure that all elements are ready should a user request come in.

active hub: A networking device that amplifies signals on a LAN.

actual throughput: A measure of useful customer data bits delivered per unit of time. Affected by real-world conditions such as electromagnetic interference, overhead associated with routing information and error correction, and latency in switches and the network in general. See also nominal throughput.

alarm: A message notifying a network operator or administrator of some kind of problem. May also be called an event or a trap.

algorithm: The set of rules or procedures to follow in a specific circumstance.

American National Standards Institute (ANSI): A group that sets national standards within the United States.

applicant-tracking system: An information system used to accept, manage, and screen resumes and cover letters from employment candidates.

application development tools: Tools that enable application developers to manage revisions and collaborate with other developers.

application program (app): Software that is intended to achieve some useful purpose for the user.

architecture: The complete set of specifications, protocols, and topology of a particular network.

asynchronous transfer mode (ATM): A broadband transmission service with network speeds up to 2.2 GBPS.

attenuation: A loss in signal strength due to problems in the cable or interference.

availability: A condition in which computer services are available to users.

backup: The process of making copies of sensitive data.

benchmarking: A management process in which a company compares its capabilities to the best practices of others.

Bluetooth: A wireless protocol for data transmission using devices in close proximity.

bottleneck: In this context, the bottleneck is the primary factor in the design of a system that limits its overall throughput. See also systems design.

bring your own device (BYOD): Some organizations allow employees to access company resources through personal mobile devices, such as laptops, smartphones, and tablets. Others consider access from personal devices to be a support challenge or a security threat.

broadband: A communications service that provides more bandwidth than a single voice line of 56 kb per second, also known as a DS-0.

bus: The component in a computer where data and instructions flow between and among the CPU, main storage, and secondary storage, and externally through peripheral devices and communications adaptors.

business continuity planning (BCP): Activities that facilitate the capability of an organization to continue business operations using alternate facilities, equipment, or personnel in a disaster scenario.

business intelligence (BI): A suite of applications that enable marketing and business managers to examine sales and customer service data to discern important trends among customer behavior as well as financial objectives.

call center solutions: Customer support services such as a call distribution system to spread incoming calls among available call takers, access to the CRM system, and tools to track the performance of call takers, who are responding to voice calls, chats, and emails from existing and prospective customers.

capacity utilization: A measure of actual usage compared to total available resources. (Getting close to 100 percent capacity utilization is rarely a good thing in networking. See congestion.)

carrier: A company that provides telecommunications services or an electromagnetic wave of a single frequency used as a data-bearing signal.

CAT-5 cable: Copper cabling capable of transmitting Ethernet at speeds up to 100 Mbps.

CAT-6 cable: Copper cabling capable of transmitting Ethernet at speeds up to 10 Gbps.

central processing unit (CPU): The component in a computer where computer instructions are executed and calculations are performed.

certificate authority (CA): A trusted party that issues digital certificates to other parties after confirming their identity.

certification: The process of examining a system to determine its compliance to a set of requirements with the goal of demonstrating competence in a particular technology or skill.

change management: An IT operations process that is concerned with the management and control of changes made in IT systems.

circuit switching: A method of communication involving a dialed-up connection, typically used for temporary connections.

class of service (COS): The priority assigned to a user or an application to be used when multiple entities want to use the same resources.

client-server: An application architecture in which some of the application resides on a workstation (usually having to do with data display and data input), and some resides on a central server (usually having to do with data storage and retrieval).

cloud computing: The practice of utilizing remote resources for the processing or storage of information, or both.

Code Division Multiple Access (CDMA): A protocol for cellular voice and data communications. In the United States, the cellular carriers Verizon, Sprint, and US Cellular use this technology on their respective wireless networks.

collaboration tools: Applications that simplify the interactions among employees. The core of many of these tools is document preparation, where the application tracks revision changes made by multiple contributors. This revision control system is supplemented with ad hoc workgroups and voice and videoconferencing in support of this effort.

Committee of Sponsoring Organizations of the Treadway Commission (COSO): An IT controls framework that is applied to financial systems.

common criteria (CC): A framework for the specification, implementation, and evaluation of a system against a set of security requirements.

competitive local exchange carrier (CLEC): Telecommunications carriers who put in equipment to allow them to compete with the established local phone company.

compiler: A program that converts a program in source code form into machine-readable form.

computer-aided design and drafting (CADD): Design engineers create product concepts in a digital format that can be tested and stored entirely on computer systems.

computer-aided engineering (CAE): Engineers can work with digital designs to perform prototype creation, destructive testing simulation, heat transfer, verification of electrical design, and other engineering tests that formerly needed to be done with physical samples.

computer-aided manufacturing (CAM): Modern manufacturing equipment and process control systems provide status information to a central site to allow for monitoring and control.

computer-integrated manufacturing (CIM): See computer-aided manufacturing.

configuration management (CM): Computers and network equipment on a network are regularly added, changed, or deleted. Configuration management tools keep track of what and who is on the network and what they are authorized to access.

congestion: Occurs when too many users want to send and receive more data than the network elements can handle.

connectionless: A semipermanent connection to a packet-switched network, such as the Internet, as opposed to a dial-up connection.

connectivity: The capability to establish some kind of connection to a circuit-switched or packet-switched network.

connector: The physical end of a cable used to make a connection to equipment that is logically residing on the network.

console: A computer and screen that presents a network administrator with the instantaneous performance of the elements on the network and the configuration management tools.

consulting: A business activity in which an expert party issues advice or guidance to another party.

contention: When multiple elements in a network want to use the same resource simultaneously. Networking equipment uses algorithms to manage contention.

continuous operations: Many networks have off-peak times when network managers can make configuration changes with no or minimal effect on users. If no suitable off-peak times are available, the network must operate in this mode.

Control Objectives for Information and Related Technology (COBIT): A control framework for business processes related to information technology (IT).

control: Any specific instance of a policy, standard, or key step in a business process or procedure that management has determined is essential for the proper operation and security of business processes and information systems.

convergence: A network that carries digitized voice, computer data, and digitized video. Earlier network designs involved separate cabling for each kind of communication.

cookie: An identifier sent from a website and stored in a browser.

core router: An intelligent and reliable router used by telecommunication carriers to switch TCP/IP packets.

cover letter: A personalized letter sent to a prospective employer, containing a description of qualifications as they relate to the posted job description.

creative tools: Applications that produce videos and audio recordings, marketing documents, and other visuals. These run on general-purpose or specialized computers.

curriculum vitae (CV): A complete listing of employment positions, education, publications, and so forth. See also resume.

customer communications management (CCM): Applications that automate and control digital communications, such as emails and digital agreements, with different customers.

customer information management (CIM): Applications that track the buying history of specific customers.

customer relationship management (CRM): A class of applications that combine the information associated with customer communications management and customer information management to provide a single source of information about customers and prospective customers.

cutover test: A test of business continuity plans in which production systems are shut down or disconnected, and recovery systems are activated to manage live workload.

cyclical redundancy check (CRC): A technique to verify the accuracy of a data packet.

daisy chain: A LAN network topology in which computers and other elements are connected to each other in a series of rings.

dark fiber: Unused optical fiber that is available for voice or data communications.

dashboard: Similar to a car's dashboard, an image displaying the health of the network.

data center: The place where delicate computer hardware, including network equipment, database appliances, and application servers, is housed. The environment is secure and temperature controlled.

Data Over Cable Service Interface Specification (DOCSIS): A family of technologies used to transport TCP/IP over cable television service.

data retention: The process of defining minimum and maximum intervals for the retention of different types of information.

data warehouse: The logical repository of user information and application data.

database appliances: The hardware in which databases that make up the data warehouse are stored.

database management system (DBMS): A software program used to facilitate the storage and retrieval of information from a database.

database: A structured collection of information.

dedicated LAN: Some networks have one LAN for general purposes and another parallel LAN to serve a specific purpose or application. This second LAN is dedicated to that purpose for throughput or security reasons.

denial of service (DoS): An attack on a target system designed to incapacitate the system.

Department of Defense Information Assurance Certification and Accreditation (DIACAP): A process framework used to certify and accredit military systems.

digital certificate: An electronic document that consists of a personal or corporate identifier and a public encryption key and is signed by a certificate authority (CA).

digital signature: The result of a hashing operation carried out on a file that is used to verify the integrity of the file.

digital subscriber line (DSL): A family of protocols delivered over copper telephone network cabling to homes and businesses.

digital video recorder (DVR): A device that records images from one or more video surveillance cameras.

Director of Central Intelligence Directive (DCID 6/3): A framework used to certify and accredit systems in use by the Central Intelligence Agency (CIA).

disaster recovery planning (DRP): Activities that facilitate the salvage of facilities and equipment in a disaster.

disaster: An unexpected event that directly or indirectly disrupts ongoing business operations.

discretionary access control: A security model in which the owners of individual documents or folders manage access to information.

distributed antenna system (DAS): This solution provides coverage in areas that otherwise would have poor service by installing special antennas remotely from the main cell site.

distributed application: An application architecture consisting of several components residing on different systems.

distributed computing: When individual servers store and manipulate data, potentially at multiple locations. This approach is in contrast to centralized computing, in which all processing and data are in one location.

distributed denial of service (DDoS): A denial of service (DoS) attack originating from many points.

document management (DM): A single application that tracks all documents, sent externally and used internally, in a single repository. Such applications are used for archiving, but can also support collaboration among employees in an organization.

DS-0: A telecommunications service with 64 Kbps, which is the logical equivalent of a single phone line.

DS-1: A family of multiplexed telecommunications technologies that have carried voice and data for decades in the United States and are logically comprised of 24 DS-0 circuits for a total of 1.2 Mbps. Also called T-1.

E-1: The European version of a DS-1, E-1 is comprised of 30 DS-0 circuits for a total of 2 Mbps.

electric generator: A device powered by gasoline, diesel fuel, natural gas, or propane that can generate electric power for hours, days, or more.

electromagnetic interference (EMI): The major source of noise on a line. It can come from a variety of sources, such as improperly grounded equipment or frayed cables.

Electronic Protected Health Information (EPHI): Information related to the health and medical care of an individual.

enterprise class: Networking equipment built with the quality to operate in an enterprise. Consumer-class equipment is less reliable and less costly, and carrier-class equipment is more reliable and more costly.

enterprise network: A network set up for the private use of an organization to achieve the company's objectives by providing employees access to enterprise applications.

enterprise requirements planning (ERP): Applications that integrate materials requirement planning (MRP) with other organizational applications such as the general ledger.

enterprise unified communications infrastructure: The intent of unified communication is to integrate voice, email, and videoconferencing through employees' laptops and desktop computers.

Ethernet: A family of technologies for transmitting messages over a wired network.

expert system: A system that predicts future events by accumulating knowledge of a particular subject from past events.

exterior lighting: Illumination of areas where an intruder would otherwise be able to work in darkness.

extranet: A web-based point of entry for users to gain access to a company's internal resources. The typical user is an employee in the field or a registered partner, such as a reseller or an agent.

Facebook: A social networking service with some business networking features.

fault management: Detects and tracks problems in a network to offer network administration insight for configuration management, performance tracking, and security.

Federal Communications Commission (FCC): The federal government agency that regulates electronic communications and the manufacture of communication equipment.

Federal Energy Regulatory Commission (FERC): The U.S. agency that regulates public utilities.

Federal Risk and Authorization Management Program (FedRAMP): A framework for security assessments, authorization, and continuous monitoring for cloud-based security providers.

Federal Trade Commission (FTC): The U.S. agency that regulates all businesses that are engaged in interstate commerce or use interstate resources.

femtocell: A small cellular base station with a range of about 10 yards.

fence: A building structure used to prevent people from accessing an area.

fiber data distributed interface (FDDI): A specification for a 100 Mbps LAN implemented on fiber optic cabling.

fiber-optic cable: A cable that transmits information in light waves through pure glass strands.

File Transfer Protocol (FTP): A lowest-common-denominator protocol for the point-to-point transfer of text and binary files between IP-connected hosts.

file transfer: An application that sends files from a device on one network to a device on another network, typically with verification of its accuracy.

FIPS 200: A U.S. set of security requirements for federal information systems.

fire extinguisher: A portable device used to suppress a fire.

firewall: An inline device placed between networks to control the traffic that is allowed to pass between those networks.

firmware: Software stored in persistent memory on a computer, generally used to store initial instructions that are executed when the computer is switched on.

fixed-mobile convergence (FMC): These applications offer mobile employees the same types of services, such as email, phone, and videoconferencing, as employees who are at a fixed location.

fleet tracking: When a company monitors the status and performance of its mobile assets as well as tracks and monitors the maintenance of its fleet of vehicles.

forensics: The set of tools and procedures used to investigate an event and preserve evidence.

frame relay: A communications service that handles multiple packet connections between network-connected devices. Frame relay is faster and more efficient than X.25, its predecessor.

frame: An information packet plus all the preceding signals and succeeding signals necessary to convey it along the data link.

gateway: An element on the network that performs a protocol translation to connect different networks.

general ledger: A suite of applications that includes budget tracking, order entry, payroll, accounts receivable, accounts payable, inventory tracking, financial reporting, and tax reporting. All organizations have some custom variation of this application suite.

general office tools: Many office workers rely on office productivity tools, such as a word processor, a spreadsheet, email, a calendar, a contact database, presentation software, and a web browser. Office productivity tools may include a simple database application, a note-taking tool, and an imaging application. Many companies use Microsoft Office Suite, but may standardize on other specific applications for a variety of reasons.

governance: The set of activities performed by management to exert control over the organization.

grade of service: A measure of service quality from telecommunication carriers based on the probability that a connection will happen.

Gramm-Leach-Bliley Act (GLBA): A U.S. law that requires the protection of personal information in financial services organizations.

GSM: Cellular voice and data protocols used in cellular networks in most countries outside the United States and South Korea. AT&T Mobility and T-Mobile use this protocol in the United States.

guard dog: A trained canine used to protect facilities and personnel.

guard: A person with duties to protect facilities and personnel.

guideline: A statement that provides ideas on the implementation of policies and standards.

hacker: A hobbyist or an enthusiast who seeks to understand complex systems and make modifications to them.

hacktivist: A hacker-activist who attacks a system for political or ideological reasons.

hardware address: An address, fixed during manufacturing, identifying a network adapter such as a network interface card on an Ethernet.

headhunter: A colloquial reference to a recruiter.

Health Insurance Portability and Accountability Act (HIPAA): A U.S. law that defines requirements for the protection of health-related information.

heating, ventilation, and air conditioning (HVAC): Equipment that regulates temperature and humidity in buildings containing personnel, computers, or both.

hierarchical routing: Routing based on an addressing system that uses strict numbering schemes. For example, an IP routing algorithm uses IP addresses, which contain network numbers, subnet numbers, and host numbers.

high-performance computing: Exceptionally high-speed computers used to perform research in fields such as meteorology, weapons design, and financial modeling.

hot spot: A Wi-Fi access point that is typically provided as a free service in a public area.

human resource management system (HRMS): A suite of applications supporting the human resources department. Modules typically include applicant tracking, recruiting, benefit selection, payroll (or an interface to payroll in the general ledger), and performance evaluation tracking.

implementation: The process of installing hardware, software, or a business process.

incident management: An IT process, a security operations process, or both used to properly respond to operational and security incidents.

incident response: Activities performed as a result of an incident.

inert gas fire suppression: A fire suppression system in which inert gas is discharged into an area to displace oxygen.

information flow: An access model in which information at specific levels of security is permitted to flow to specific systems or locations.

infrared communication: Communication by electromagnetic radiation just below visible light. The most common application of this technology is in remote controls for audiovisual systems.

infrastructure as a service (IaaS): An offering from a telecommunications carrier or a value-added network (VAN) to perform all voice, data, and video network services.

integrity: The concept in information security related to the protection of information and systems from unauthorized alteration.

internal audit: A process of self-examination of controls to determine their effectiveness.

Internet address: An address that identifies an element on the Internet with a number in the format of 172.16.254.1 for IP version 4. Also called IP address.

Internet Engineering Task Force (IETF): Corporate and academic volunteers who create and update Internet standards.

Internet of Things (IoT): Internet applications that remotely monitor and control intelligent devices, including home security systems, vehicles, home appliances, and medical-monitoring equipment.

Internet: The worldwide network of networks that exchanges email and data through an addressing and naming system using TCP/IP protocols.

interview: A discussion between an employer and an employment candidate, so that each can assess the other for suitability of employment.

intranet: A web page with work-related applications and documents, accessible exclusively by employees.

intrusion prevention system (IPS): An inline device that examines incoming and outgoing network traffic, looking for signs of intrusions; when an intrusion is detected, it will block such traffic.

IP address: A unique identifier assigned to a node on a network.

ISO 27001: An international standard for the management of security in an organization.

ISO: Based in Switzerland, an international organization for standards, including networking standards.

ISP (Internet service provider): A telecommunications carrier that offers Internet connectivity.

job rotation: The practice of periodically moving personnel from role to role.

key card: A plastic card with a magnetic stripe, RFID, or smart card that is assigned to an individual worker, who uses it to activate door locks to permit entry into a room or a building.

key length: The length of an encryption key.

key logger: A hardware or software mechanism used to intercept keystrokes, especially login credentials.

key management: Procedures for the creation, use, protection, and disposal of encryption keys.

latency: The delay in sending or receiving data. (Latency reduces the response time of some high-speed communications.)

layer: A set of functions defined by a network standards organization. For example, the OSI 7-Layer model is described by the ISO.

lighting a building: When a telecommunications company brings fiber-optic service to a building. This process typically involves a competitive phone company (CLEC), which can then compete with the established phone company.

line conditioner: A device that absorbs utility power noise, such as spikes and surges.

link: The logical connection between a sender and a receiver in a network.

LinkedIn: A business networking site used to establish business relationships.

local area network (LAN): A network that exists entirely in a single property.

login: A procedure in which a user establishes a connection on a network or an application. The procedure ensures proper security and accesses historical information about the user.

logout: A procedure in which a user ends a connection on a network or an application. See also login.

Long Term Evolution (LTE): A high-speed data technology used on both CDMA and GSM-based networks and commonly marketed as 4G.

loss: The amount of attenuation in a signal. Too much loss reduces throughput and causes either slow response times for data applications or poor quality sound or video.

MAC address: A standardized address for every element on a LAN used to create and update routing tables.

machine-to-machine communications (M2M): Intelligent equipment and remote sensors in which data is collected, analyzed, and managed by other machines without human intervention.

main storage: The component in a computer where information is stored temporarily.

mainframe: The heart of a centralized computing system where all applications are stored and through which all data is accessed and updated.

malicious software: Software designed to steal or alter data, steal login credentials, or permit a takeover of the target system for a malicious purpose.

malware: See malicious software.

managed network services: An offering from a telecommunications carrier or value-added network (VAN) to perform all network administration.

managed security service provider (MSSP): An organization that performs operational security tasks for one or more client organizations.

mandatory access control: A security model in which an access manager manages access to information.

mantrap: A set of two interlocked doors with a short passage between, to control movement of personnel through a door.

materials requirements planning (MRP): Applications in this class enable project managers to order necessary supplies automatically and in a timely manner.

maximum tolerable downtime (MTD): The theoretical period of time that a business process is incapacitated, after which the organization may fail to survive.

media access control (MAC): When an element on the network assumes control of the transmission media to send an information packet.

mesh: Network topology in which elements are organized to have multiple connections among network nodes to increase availability.

message switching: A switching technique that involves the transmission of messages from node to node through a network. The message is stored at each node until a forwarding path is available.

microwave: A point-to-point data transmission system employing electromagnetic waves and licensed by the FCC in the United States. Enterprises and governments often use this system as an alternative to relying on a telecommunications carrier.

mobile device management (MDM) services: An application used by companies to ensure proper security for mobile devices and to ensure that these devices are correctly provisioned with mobile applications.

modem: A device that converts digital signals to analog for transmission over a circuit originally designed for voice communications, and then converts the analog signal to digital on the other side.

multifactor authentication: The presentation of a user ID with a token or a biometric.

multilayer switch: A switch that forwards packets based on MAC and network addresses.

multimode fiber: Whereas standard fiber-optic cable transmits data using white light, this solution sends more data down the same size cable by breaking white light into different frequencies (different colors).

multiplexing: A scheme that allows multiple signals to be transmitted simultaneously across a single physical channel.

multiprotocol label switching (MPLS): A packet-switched technology used to transport a variety of protocols, such as TCP/IP, Ethernet, ATM, and VoIP, over long distances.

narrowband: A communications service that provides bandwidth of 56 kb per second (DS-0) or less.

National Information Assurance Certification and Accreditation Process (NIACAP): A process framework used to certify and accredit U.S. national security systems.

near field communications (NFC): A protocol for wireless communications over short distances, up to 6 cm.

need to know: The principle that people should have access to only the information (and systems) they need to perform their job.

network adapter: A network element that converts the electronic signals between a computer's network hardware and the transmission media.

network address: The logical address, rather than the physical address, of an element on a network.

network administrator: The person with the responsibility of managing the configuration and the performance of the elements of the network.

network analyzer: A hardware or software device offering various network troubleshooting features, including protocol-specific packet decodes, specific preprogrammed troubleshooting tests, packet filtering, and packet transmission.

network architecture: The design of a data network, including types of user interfaces employed, networking protocols, the physical topology, and the types of network cabling.

network bridge: A relatively basic element on a data network that connects two LANs.

network configuration and change management (NCCM) tools: The configuration management database along with applications tools that allow the administrator to track the effect of changes.

network fault monitoring tool: A tool that provides a clearer explanation of network problems to the administrator who is monitoring the system's health.

network hub: A basic element on an Ethernet data network that connects a few PCs with NIC cards to a LAN.

network interface card (NIC): A card in a computer or other element on an Ethernet LAN that stores a logical IP address and physically connects with the LAN.

network management: The activities associated with providing, on an ongoing basis, the degree of quality needed by users, including resource planning, network design, user assistance, training, and troubleshooting network issues.

network operator: A person who routinely monitors and controls a network.

network performance monitoring tools: Tools that provide a clear analysis of system bottlenecks.

network redundancy: An approach whereby the failure of a single element in a network does not cause the failure of the entire network.

network resilience: The capability of a computer network to suffer failures but continue to operate in a diminished capacity.

network router: An element on an Ethernet data network that connects a few PCs with NIC cards to a LAN but is smarter and offers better throughput than a network hub.

network-attached storage (NAS): An architecture that allows database appliances to be stored remotely from servers.

network: A collection of computers and other intelligent devices that are controlled by equipment to provide the exchange of data.

NIST 800-53: A U.S. standard (Security and Privacy Controls for Federal Information Systems and Organizations) for the protection of information systems and supporting processes.

node: An element on the network that reads a protocol address and initiates a response to communication from other elements on the network that use the same networking protocols.

noise: Unwanted electrical or light signals on a network.

nominal throughput: The value of bits per second under optimal circumstances, which is typically quoted when comparing alternatives. See also actual throughput.

nondisclosure agreement: A legal agreement in which one or more parties agrees not to disclose the secrets of one or more other parties.

noninterference: An access model in which activities performed by persons at a higher level of security will not interfere with activities performed at lower levels of security.

nonprofit: A private organization that retains its surplus revenues to further its goals.

North American Electric Reliability Corp (NERC): The U.S. organization that creates standards for the protection of public utility control systems.

object oriented: A hierarchical system that consists of classes (software libraries), objects, methods, and a logical construction that includes encapsulation, inheritance, and polymorphism.

object: In access control, a system or data record that someone or something wants to access. See also subject.

offer letter: A formal written offer of employment, written by an employer and given to an employment candidate.

open source: Network tools or applications offered to users and companies at no charge. In many cases, the underlying code may be modified and improved by others under the premise that everyone will benefit.

operating system: A set of programs that facilitate the use of computer hardware, including storage, memory, and peripheral devices.

OSI 7-Layer model: A method of describing the relationships between network protocols by grouping in layers. The layers logically define how the elements interact on data as it moves between the user and applications.

packet: A defined amount of data logically enclosed in a digital envelope with a digital address.

parallel test: A test of business continuity plans in which recovery systems are activated and process live data, but do so in isolation so as not to disturb production systems that are still running.

parity checking: A simple method to see whether any bits are missing from a packet by adding the bits and checking to see if there are too few or too many bits.

password quality: A measure of a password based on its complexity and resistance to attack.

password recovery: The process of assisting a user who has forgotten his or her password.

password: A secret word, phrase, or random characters used as part of authentication.

payload: The part of a transmission that is the customer information, not the overhead used for routing and error checking.

Payment Card Industry Data Security Standard (PCI-DSS): A standard for the protection of credit card data that is stored, processed, and transmitted.

phishing: A social engineering attack in which fraudulent messages are sent to targeted individuals to trick them into performing unauthorized actions.

picocell: A very small cellular transmitter/receiver. Its coverage is comparable to a Wi-Fi access point and greater than a femtocell.

PIN pad: A keypad with numbers or letters, generally used with key cards.

ping: A network diagnostic technique in which a network node asks another element to reply to verify a viable connection.

plain old telephone service (POTS): See public-switched telephone network.

plaintext: A message in its original, readable format (as opposed to ciphertext).

point-of-sale (POS): A custom-built device that supports all modes of payment, including cash, and results in more secure and efficient transactions.

policy: A formal statement that describes what actions and behaviors are required or forbidden in an organization.

polling: An approach used by some network protocols to manage contention by allowing a device to send data only after it has been given permission by the controlling device. The controller goes around the network and asks, or polls, each device whether it has anything to send.

port: A distinct connection for PCs and intelligent devices on an Ethernet network hub, bridge, or router.

pre-sales: Activities between a vendor and a client organization where the vendor is exchanging information with the client.

privacy: The concept and practice of protecting a person's sensitive information.

private sector: The portion of an economy that consists of all organizations owned and operated by private individuals or groups.

procedure: Step-by-step instructions for carrying out a task.

process: A set of one or more procedures used to carry out a business activity.

project management tools: Tools that provide information to project managers on status and can help highlight potential problems before they become critical.

proof of concept (POC): The implementation of a system for a limited period of time to determine its long-term viability.

protocol stack: Defined by a vendor or a standards organization, a group of protocols that implement more than one layer of the OSI 7-Layer model.

protocol: A networking specification of the addresses and algorithms used to accomplish a specific network function.

pseudorandom number generator (PRNG): A technique for deriving a random number for use during encryption and decryption.

public sector: The portion of an economy that consists of all organizations owned and operated by governments.

public-switched telephone network (PSTN): The worldwide network of telephones, cabling, and switches to facilitate voice communications.

queuing theory: An academic discipline used in networking to scale the size of networks and provide enough bandwidth to keep user response times within an acceptable range.

quotation: A statement of cost for a particular product or service.

race condition: See state attack.

razor wire: A continuous mesh of metal strips with sharp edges along its length, placed at the top of a fence or wall to deter others from climbing over it.

recruiter: An individual who searches for employment candidates for one or more organizations.

reference: An individual who agrees to independently verify an employment candidate's background.

remote access: The process of facilitating an employee's ability to remotely access information systems that are not accessible from the Internet.

repeater: A device on the network that addresses attenuation by amplifying, or otherwise helping, a network signal without reading or interpreting it.

resignation: A written or verbal statement of intent to discontinue employment with an organization.

response time: The time between when a user initiates an action and when the action displays its results. Response time is a key factor in how users view the quality of a network.

resume: A document that summarizes skills, education, and employment history. See also curriculum vitae (CV).

ring topology: A LAN network topology in which computers and other elements are connected to each other and to a central switch.

risk assessment: An examination of risks present in specific systems, processes, suppliers, or perhaps the entire organization.

risk ledger: A listing of risks identified in a risk assessment or by other means.

risk management: Formal activities to identify and appropriately respond to risk.

risk treatment: The formal acceptance, mitigation, transfer, or avoidance of identified risks.

role-based access control (RBAC): An access model in which access is assigned to groups of users instead of individual users.

router: A device that forwards TCP/IP packets toward their destination.

routing table: Used by a router, a list of networks that permits the router to correctly route packets.

sales force automation (SFA): A class of applications designed for order entry, inventory checking, and collaboration tools as needed by a given sales force.

salting: The practice of inserting a set of characters into a hashing operation to thwart cryptanalysis.

Sarbanes-Oxley Act (SarBox): The U.S. law that requires publicly held organizations to enact business and IT controls to ensure the integrity of their financial systems and financial statements.

scalability: The capability of a network to operate properly when configured on a larger scale.

secondary storage: The computer component where information is stored permanently.

security awareness training: Formal training for employees regarding an organization's security policies and procedures.

segregation of duties: See separation of duties.

separation of duties: The practice of designing a critical task so that two or more people are required to complete it.

server: A computing device on a network that stores applications that are then shared by multiple users.

service-level agreement (SLA): A contractual commitment by a telecommunications carrier or VAN to provide a specified level of network availability or a specified rate of reimbursement.

session hijacking: An attack on a system in which an attacker intercepts session tokens and attempts to take over the session.

session: An ongoing connection between two computing devices on a network involving the sharing of resources and data.

shielded twisted pair (STP): Cabling with a layer of shielded insulation around twisted pair wires traditionally used for telephones. The shielded insulation is present to reduce electromagnetic interference, thereby improving the signal-to-noise ratio.

short: The inadvertent connection of two or more conductors that typically causes a failure.

side channel attack: A technique of observing a system's running states to make inferences about activities in the system.

signal-to-noise ratio: The ratio of the signal strength to the amount of undesired signal disturbances.

signal: Sending digital information by an electromagnetic wave that is modulated and demodulated in sequence to represent bits.

Simple Network Management Protocol (SNMP): The standard for management of networked devices.

simulation: A review of business-continuity-planning or disaster-recovery-planning procedures in which a realistic scenario is defined and exercised.

single point of failure: A component, system, or individual with no alternative resource.

smoke detector: A device that alerts personnel when smoke is detected. A smoke detector is considered an early warning device in the event of a fire.

social engineering: The practice of tricking individuals into performing unauthorized actions.

software as a service (SaaS): An arrangement in which an outside company provides a service over a network to another organization for an ongoing fee. This is in lieu of the outside company selling the application to the organization for a one-time fee and having the app reside on a server belonging to the organization.

software development life cycle (SDLC): The business process used to develop and maintain software programs.

Software Engineering Institute — Capability Maturity Model Integration (SEI-CMMI): A model for assessing the maturity of an organization's security practices.

source code: The human-readable form of a computer program.

spam: Unwanted email, generally sent from an unknown party.

specification: A document that defines an architecture or a protocol and the allowable implementations.

sprinkler system: A fire suppression system in which water is sprayed into an area.

standard: A formal statement that describes how a security policy will be carried out.

star topology: A LAN network topology in which computers and other elements are connected to a central switch.

state attack: A technique of exploiting a timing flaw in a system to gain access to a resource used by another process. Also known as a race condition.

statistical multiplexing: A technique to combine more information on a single physical connection by allocating small time slots to different users. Also known as statistical time-division multiplexing or stat mux.

steganography: A technique used to hide a message in a larger file such as an image file, a video, or a sound file.

stream cipher: An encryption algorithm used to encrypt or decrypt a stream of data, one character at a time.

structured cabling: Running cables or wires to the office space of employees and in operations in a tracked and managed way.

subject: In access control, a person or system that wants to access something. See also object.

subnet address: A portion of an IP address that specifies the number defining a portion of the TCP/IP network.

subnet mask: A representation of a computer's Internet address in which all bit positions corresponding to the user's network and subnetwork ID are 1s and the bit positions corresponding to the user's host ID are 0.

subnetwork: A portion of the LAN arbitrarily created by the network administrator to provide the user routing structure while shielding the subnetwork from the addressing scheme of the attached networks.

supervisory control and data acquisition (SCADA): An application to automatically control other machines.

Synchronous Optical Network (SONET): A family of protocols for carrying voice and data traffic over copper and fiber telecommunications networks.

systems design: A discipline in which a network architect specifies elements that have enough resources to meet the needs of the users but are as economical as possible.

Systems Security Engineering Capability Maturity Model (SSE-CMM): A model for evaluating an organization's capability to implement security in a system.

T-1: See DS-1.

tailgating: The practice of closely following an authorized person through a security door to gain unauthorized entry.

take-grant: An access model used to establish or disprove the safety of a given computer system.

telecommunications carrier: A company authorized by state or local governments or both to provide communication services across property lines. These companies can provide simple connections or may offer management services.

Telecommunications Industry Association (TIA): A standards setting organization in the United States for telecommunications technologies.

threat: The capability and the intent to carry out a harmful act.

throughput: The data rate measured in some factor of bits per second passing through a point in a network.

token: A hardware device used to facilitate authentication to a system.

topology: The physical arrangement of cables connecting computing devices in a network.

Transmission Control Protocol/Internet Protocol (TCP/IP): A family of data communications protocols for the transmission of data over networks.

Trojan horse: A program with a stated purpose as well as an unstated and malicious purpose.

trusted platform module (TPM): A hardware device used to store encryption keys.

TTY/TDD: Telecommunications device for the deaf. This telecommunications service allows individuals who are either deaf or unable to speak to communicate with others over standard telephone lines.

Twitter: A microblogging site used to share information.

unified communications (UC): A combination of technologies in a single network backbone to provide an integrated solution for data, voice, and videoconferencing.

unified communications and collaboration (UCC): A combination of unified communication and collaboration tools with a single user interface.

uninterruptible power supply (UPS): A device equipped with backup batteries that can supply power to computing equipment for several minutes to an hour or more.

unshielded twisted pair (UTP): Inexpensive and readily available wiring in many office buildings.

user ID: A personal identifier issued to the user of a system.

users group: Organizations that use a common technology and gather to share information on troubleshooting and future needs. Companies typically support user groups as a way to gain insight into the ongoing needs of customers.

value-added network (VAN): An organization that buys basic connectivity from a telecommunications carrier and bundles other services to meet the needs of a segment of customers.

value-added reseller (VAR): A for-profit company that serves a customer segment by buying computers, networking equipment, and telecommunications services and bundling them to address a particular need.

very small aperture terminal (VSAT): A relatively low-cost data solution for communicating data to remote locations via satellite.

video surveillance: A system of one or more cameras plus monitors or recording equipment or both, used to monitor key locations inside or outside a facility.

virtual private network (VPN): A technique used to encapsulate network traffic flowing between two systems, between a system and a network, or between two networks.

virus: Malicious code that attaches itself to a file.

visitor log: A written or electronic record of visitors to a building.

voice over LTE (VoLTE): A technology that allows voice communication over the LTE data networks of wireless carriers.

vulnerability management: An IT operations process that is concerned with the identification and mitigation of vulnerabilities in IT systems.

walkthrough: A review of a process or procedure document in a group setting.

wall: A building structure used to prevent people from accessing an area.

WAN: Any network with connections extending beyond a property line. With a few exceptions, a telecommunication carrier is involved.

watermarking: A technique used to implant a visible (or audible) imprint on a document, an image, a sound recording, or a video recording.

web access filter: A device that examines the websites that users want to visit and then blocks or permits such access according to policy rules.

web application: An application consisting of a web browser on a user's workstation (or mobile device), a web server, and often an application server and a database management system.

Wi-Fi: A family of protocols for wireless communications over a distance up to 100 meters.

Wired Equivalency Protocol (WEP): An obsolete standard for encrypting data over Wi-Fi.

Wireless Protected Access (WPA): A standard for encrypting data over Wi-Fi.

Wireless Protected Access 2 (WPA2): A standard for encrypting data over Wi-Fi.

wiring closet: The location from which communication cables originate to allow users access to the network at their office space. The closet allows the network administrator to make changes closer to the users than the data center.

Worldwide Interoperability for Microwave Access (WiMAX): A wireless telecommunications standard for voice and data communications.

worm: Malicious software that can self-propagate.
