GLOSSARY Flashcards
Access Controls
Controls that restrict unauthorized individuals from using information resources and are concerned with user identification.
Accountability
A tenet of ethics that refers to determining who is responsible for actions that were taken.
Adware
Alien software designed to help pop-up advertisements appear on your screen.
Agile development
A software development methodology that delivers functionality in rapid iterations, measured in weeks, requiring frequent communication, development, testing, and delivery.
Alien software
Clandestine software that is installed on your computer through duplicitous methods.
Anti-malware systems
(or antivirus software) Software packages that attempt to identify and eliminate viruses, worms, and other malicious software.
Application
(or app) A computer program designed to support a specific task or business process.
Application controls
Security countermeasures that protect specific applications in functional areas.
Application portfolio
The set of recommended applications resulting from the planning and justification process in application development.
Application service provider
An agent or vendor that assembles the software needed by enterprises and packages it with outsourced development, operations, maintenance, and other services.
Application software
The class of computer instructions that directs a computer system to perform specific processing activities and provide functionality for users.
Arithmetic logic unit
Portion of the CPU that performs the mathematical calculations and makes logical comparisons.
Attribute
Each characteristic or quality of a particular entity.
Auction
A competitive process in which either a seller solicits consecutive bids from buyers or a buyer solicits bids from sellers, and prices are determined dynamically by competitive bidding.
Audit
The accumulation and evaluation of evidence that is used to prepare a report about the information or controls that are being examined, using established criteria and standards.
Augmented reality
A live, direct or indirect, view of a physical, real-world environment whose elements are enhanced by computer-generated sensory input such as sound, video, graphics, or GPS data.
Authentication
A process that determines the identity of the person requiring access.
Authorization
A process that determines which actions, rights, or privileges the person has, based on verified identity.
Back door
(or trap door) Typically a password, known only to the attacker, that allows the attacker to access the system without having to go through any security procedures.
Banners
Electronic billboards, which typically contain a short text or graphical message to promote a product or a vendor.
Best practices
The most effective and efficient ways to do things.
Big Data
A collection of data so large and complex that it is difficult to manage using traditional database management systems.
Binary relationship
A relationship that exists when two entities are associated.
Biometrics
The science and technology of authentication (i.e., establishing the identity of an individual) by measuring the subject’s physiological or behavioural characteristics.
Bit
Short for Binary digit (0s and 1s), the only data that a CPU can process.
Blacklisting
A process in which a company identifies certain types of software that are not allowed to run in the company environment.
Blog
(or weblog) A personal website, open to the public, in which the site creator expresses his or her feelings or opinions with a series of chronological entries.
Blogosphere
The millions of blogs on the Web.
Bot
(or zombie) A computer that has been compromised by, and is under the control of, a hacker.
Botnet
A network of computers that has been compromised by, and is under the control of, a hacker, who is called the botmaster.
Bricks-and-mortar organizations
Organizations in which the product, the process, and the delivery agent are all physical.
Business continuity planning
The chain of events linking planning to protection and to recovery.
Business environment
The combination of social, legal, economic, physical, and political factors in which businesses conduct their operations.
Business intelligence system
A system that provides computer-based support for complex, nonroutine decisions, primarily for middle managers and knowledge workers.
Business model
The method by which a company generates revenue to sustain itself.
Business process
A collection of related activities that create a product or a service of value to the organization, its business partners, and/or its customers.
Business process improvement
An incremental approach to improving business processes. It looks for root causes to problems in process inputs, the process itself, or in process outputs, resulting in less radical and less disruptive business changes.
Business process management
A management technique that includes methods and tools to support the design, analysis, implementation, management, and optimization of business processes.
Business process reengineering
A radical redesign of a business process that improves its efficiency and effectiveness, often by beginning with a “clean sheet” (i.e., from scratch).
Business rules
Precise descriptions of policies, procedures, or principles in any organization that stores and uses data to generate information.
Business-information technology alignment
The tight integration of the IT function with the strategy, mission, and goals of the organization.
Business-to-business electronic commerce
Electronic commerce in which both the sellers and the buyers are business organizations.
Business-to-consumer electronic commerce
Electronic commerce in which the sellers are organizations and the buyers are individuals.
Business-to-employee electronic commerce
An organization using electronic commerce internally to provide information and services to its employees.
Buy-side marketplace
Business-to-business model in which organizations buy needed products or services from other organizations electronically, often through a reverse auction.
Byte
An 8-bit string of data, needed to represent any one alphanumeric character or simple mathematical operation.
Cache memory
A type of high-speed memory that enables the computer to temporarily store blocks of data that are used more often and that a processor can access more rapidly than main memory (random access memory).
Cardinality
The uniqueness of data values within a column in a database. High cardinality means that the column has mostly unique values. Low cardinality means that the column has several “repeats” in its data range.
Central processing unit (CPU)
Hardware that performs the actual computation or “number crunching” inside any computer.
Certificate authority
A third party that acts as a trusted intermediary between computers (and companies) by issuing digital certificates and verifying the worth and integrity of the certificates.
Channel conflict
The alienation of existing distributors when a company decides to sell to customers directly online.
Clicks-and-mortar organizations
Organizations that do business in both the physical and digital dimensions.
Clickstream data
Data collected about user behaviour and browsing patterns by monitoring users’ activities when they visit a website.
Cloud computing
A technology in which tasks are performed by computers physically removed from the user and accessed over a network, in particular the Internet.
Code of ethics
A collection of principles intended to guide decision making by members of an organization.
Collaborative consumption
Peer-to-peer sharing or renting.
Communications controls
(or network controls) Controls that deal with the movement of data across networks.
Competitive advantage
An advantage over competitors in some measure such as cost, quality, or speed; leads to control of a market and to larger-than-average profits.
Competitive forces model
A business framework devised by Michael Porter that analyzes competitiveness by recognizing five major forces that could endanger a company’s position.
Component-based development
A software development methodology that uses standard components to build applications.
Computer programs
The sequences of instructions for the computer, which comprise software.
Computer-aided software engineering (CASE)
A software development approach that uses specialized tools to automate many of the tasks in the systems development life cycle; upper CASE tools automate the early stages of the life cycle and lower CASE tools automate the later stages.
Computer-based information system
An information system that uses computer technology to perform some or all of its intended tasks.
Connectivity
The classification of a relationship: one-to-one, one-to-many, or many-to-many.
Consumer-to-consumer electronic commerce
Electronic commerce in which both the buyer and the seller are individuals (not businesses).
Continuous application development
The process of steadily adding new computer code to a software project when the new computer code is ready.
Control environment
Controls that encompass management attitudes toward controls, as evidenced by management actions, as well as by stated policies and procedures that address ethical issues and the quality of supervision.
Control unit
Portion of the CPU that controls the flow of information.
Controls
(or countermeasures) Defence mechanisms used to safeguard assets, optimize the use of the organization’s resources, and prevent or detect errors or fraud.
Cookies
Small amounts of information that websites store on your computer, temporarily or more or less permanently.
Copyright
A grant that provides the creator of intellectual property with ownership of it for a specified period of time, currently the life of the creator plus 50 years.
Cross-functional business process
A process in which no single functional area is responsible for a process’s completion; multiple functional areas collaborate to perform the function.
Cybercrime
Illegal activities executed on the Internet.
Cybersquatting
Registering domain names in the hope of selling them later at a higher price.
Cyberterrorism
A premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.
Cyberwarfare
War in which a country’s information systems could be paralyzed from a massive attack by destructive software.
Dashboard
(or digital dashboard) A special form of IS that supports all managers of the organization by providing rapid access to timely information and direct access to structured information in the form of reports.
Data dictionary
A collection of definitions of data elements; data characteristics that use the data elements; and the individuals, business functions, applications, and reports that use these data elements.
Data file
(or table) A collection of logically related records.
Data governance
An approach to managing information across an entire organization.
Data items
An elementary description of things, events, activities, and transactions that are recorded, classified, and stored but are not organized to convey any specific meaning.
Data mart
A low-cost, scaled-down version of a data warehouse that is designed for the end-user needs in a strategic business unit (SBU) or a department.
Data model
A diagram that represents entities in the database and their relationships.
Data warehouse
A repository of historical data that are organized by subject to support decision makers in the organization.
Database
A collection of related files or tables containing data.
Database management system (DBMS)
The software program (or group of programs) that provides access to a database.
Demilitarized zone
A separate organizational local area network that is located between an organization’s internal network and an external network, usually the Internet.
Denial-of-service attack
A cyberattack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources.
Digital certificate
An electronic document attached to a file certifying that this file is from the organization it claims to be from and has not been modified from its original format or content.
Digital divide
The gap between those who have access to information and communications technology and those who do not.
Digital dossier
An electronic description of an individual and his or her habits.
Digital wallet
An application used for making online payments.
Direct conversion
A systems implementation process in which the old system is cut off and the new system is turned on at a certain point in time.
Disintermediation
Elimination of intermediaries in electronic commerce.
Distributed denial-of-service attack
A denial-of-service attack that sends a flood of data packets from many compromised computers simultaneously.
Documentation
Written description of the functions of a software program.
E-government
The use of electronic commerce to deliver information and public services to citizens, business partners, and suppliers of government entities, and those working in the public sector.
E-procurement
Purchasing by using electronic support.
Electronic banking
(or cyberbanking) Various banking activities conducted electronically from home, a business, or on the road instead of at a physical bank location.
Electronic business
(or e-business) A broader definition of electronic commerce, including buying and selling of goods and services, and servicing customers, collaborating with business partners, conducting e-learning, and conducting electronic transactions within an organization.
Electronic commerce
(or EC or e-commerce) The process of buying, selling, transferring, or exchanging products, services, or information via computer networks, including the Internet.
Electronic commerce systems
A type of interorganizational information system that enables organizations to conduct transactions, called business-to-business electronic commerce, and customers to conduct transactions with businesses, called business-to-consumer electronic commerce.
Electronic mall
(or cybermall or e-mall) A collection of individual shops under one Internet address.
Electronic marketplace
A virtual market space on the Web where many buyers and many sellers conduct electronic business activities.
Electronic payment mechanisms
Computer-based systems that allow customers to pay for goods and services electronically, rather than writing a cheque or using cash.
Electronic retailing
(or e-tailing) The direct sale of products and services through storefronts or electronic malls to the end customer, usually designed around an electronic catalogue format and/or auctions.
Electronic storefront
The website of a single company, with its own Internet address, at which orders can be placed.
Electronic surveillance
Tracking people’s activities with the aid of computers.
Employee monitoring systems
Systems that monitor employees’ computers, email activities, and Internet surfing activities.
Encryption
The process of converting an original message into a form that cannot be read by anyone except the intended receiver.
End-user development
A software development approach in which the organization’s end users develop their own applications with little or no formal assistance from the IT department.
Enterprise resource planning systems
Information systems that correct a lack of communication among the functional area ISs by tightly integrating the functional area ISs via a common database.
Entity
Any person, place, thing, or event of interest to a user.
Entity-relationship (ER) diagram
A document that shows data entities and attributes and relationships among them.
Entity-relationship (ER) modelling
The process of designing a database by organizing data entities to be used and identifying the relationships among them.
Entry barrier
Product or service feature that customers expect from organizations in a certain industry; an organization trying to enter this market must provide this product or service at a minimum to be able to compete.
Ergonomics
The science of adapting machines and work environments to people; it focuses on creating an environment that is safe, well lit, and comfortable.
Ethics
The principles of right and wrong that individuals use to make choices to guide their behaviours.
Exchanges
(or Public exchanges) Electronic marketplaces in which there are many sellers and many buyers, and entry is open to all; frequently owned and operated by a third party.
Expert system
A system that attempts to duplicate the work of human experts by applying reasoning capabilities, knowledge, and expertise within a specific domain.
Explicit knowledge
The more objective, rational, and technical types of knowledge.
Exposure
The harm, loss, or damage that can result if a threat compromises an information resource.
Extensible markup language (XML)
A computer language that makes it easier to exchange data among a variety of applications and to validate and interpret these data.
Fat clients
Computers that offer full functionality without having to connect to a network.
Feasibility study
An investigation that gauges the probability of success of a proposed project and provides a rough assessment of the project’s feasibility.
Field
A characteristic of interest that describes an entity.
Firewall
A system (either hardware, software, or a combination of both) that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company’s network.
Flash memory devices
Nonvolatile electronic storage devices that are compact, are portable, require little power, and contain no moving parts.
Foreign key
A field (or group of fields) in one table that uniquely identifies a row (or record) of another table.
Forward auction
Auction that sellers use as a selling channel to many potential buyers; the highest bidder wins the items.
Functional area information system
A system that supports a particular functional area within the organization.
Functional dependency
A means of expressing that the value of one particular attribute is associated with, or determines, a specific single value of another attribute.
General controls
Controls that apply to more than one functional area.
Gesture recognition
An input method that interprets human gestures, in an attempt for computers to begin to understand human body language.
Globalization
The integration and interdependence of economic, social, cultural, and ecological facets of life, enabled by rapid advances in information technology.
Graphical user interface
Systems software that allows users to have direct control of the hardware by manipulating visible objects (such as icons) and actions, which replace command syntax.
Grid computing
A technology that applies the unused processing resources of many geographically dispersed computers in a network to form a virtual supercomputer.
Group purchasing
The aggregation of purchasing orders from many buyers so that a volume discount can be obtained.
Hardware
A device such as a processor, monitor, keyboard, or printer. Together, these devices accept, process, and display data and information.
HTML5
A page-description language that makes it possible to embed images, audio, and video directly into a document without add-ons. Also makes it easier for web pages to function across different display devices, including mobile devices and desktops, and supports the storage of data offline.
Hybrid clouds
Clouds composed of public and private clouds that remain unique entities but are bound together, offering the benefits of multiple deployment models.
Hypertext markup language (HTML)
A page-description language for specifying how text, graphics, video, and sound are placed on a web page document.
Identity theft
Crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud.
Implementation
The process of converting from an old computer system to a new one.
Individual social responsibility
Efforts by organizations or individuals to solve various social problems.
Information
Data that have been organized so that they have meaning and value to the recipient.
Information privacy
The right to determine when, and to what extent, personal information can be gathered by and/or communicated to others.
Information security
Protecting an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Information system
A system that collects, processes, stores, analyzes, and disseminates information for a specific purpose.
Information systems audit
An examination of information systems, their inputs, outputs, and processing.
Information technology
Any computer-based tool that people use to work with information and support the information and information-processing needs of an organization.
Information technology components
Hardware, software, databases, and networks.
Information technology infrastructure
IT components plus IT services.
Information technology platform
Formed by the IT components of hardware, software, networks (wireline and wireless), and databases.
Information technology services
Services performed by IT personnel using IT components, including developing information systems, overseeing security and risk, and managing data.
Informed user
A person knowledgeable about information systems and information technology.
Infrastructure-as-a-service (IaaS) model
A model with which cloud computing providers offer remotely accessible servers, networks, and storage capacity.
Instance
Each row in a relational table, which is a specific, unique representation of the entity.
Integrated CASE (ICASE) tools
CASE tools that provide links between upper CASE and lower CASE tools.
Intellectual capital
(or intellectual assets) Other terms for “knowledge.”
Intellectual property
The intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws.
Interorganizational information systems
Information systems that connect two or more organizations.
IS operational plan
A clear set of projects that the IS department and the functional area managers will execute in support of the IT strategic plan.
IT governance
A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes.
IT steering committee
A committee, composed of a group of managers and staff representing various organizational units, set up to establish IT priorities and to ensure that the MIS function is meeting the needs of the enterprise.
IT strategic plan
A set of long-range goals that describe the IT infrastructure and major IT initiatives needed to achieve the goals of the organization.
Join operation
A database operation that combines records from two or more tables in a database.
Joint application design
A group-based tool for collecting user requirements and creating system designs.
Knowledge
Data and/or information that have been organized and processed to convey understanding, experience, accumulated learning, and expertise as they apply to a current problem or activity.
Knowledge management (KM)
A process that helps organizations identify, select, organize, disseminate, transfer, and apply information and expertise that are part of the organization’s memory and that typically reside within the organization in an unstructured manner.
Knowledge management systems (KMSs)
Information technologies used to systematize, enhance, and expedite intra- and interfirm knowledge management.
Knowledge workers
Professional employees such as financial and marketing analysts, engineers, lawyers, and accountants, who are experts in a particular subject area and create information and knowledge, which they integrate into the business.
Least privilege
A principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.
Liability
A legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations, or systems.
Logic bombs
Segments of computer code embedded within an organization’s existing computer programs.
Logical controls
Controls that are implemented by software.
Lower CASE tools
Tools used to automate later stages in the systems development life cycle (programming, testing, operation, and maintenance).
Magnetic disks
(or hard drives or fixed disk drives) A form of secondary storage on a magnetized disk divided into tracks and sectors that provide addresses for various pieces of data.
Magnetic tape
A secondary storage medium on a large open reel or in a smaller cartridge or cassette.
Make-to-order
The strategy of producing customized products and services.
Malware
Malicious software such as viruses and worms.
Mashup
Website that takes different content from a number of other websites and mixes it together to create a new kind of content.
Mass customization
A production process in which items are produced in large quantities but are customized to fit the desires of each customer.
Master data
A set of core data, such as customer, product, employee, vendor, geographic location, and so on, that span an enterprise’s information systems.
Master data management
A process that provides companies with the ability to store, maintain, exchange, and synchronize a consistent, accurate, and timely “single version of the truth” for a company’s core master data.
Microblogging
A form of blogging that allows users to write short messages (or capture an image or embedded video) and publish them.
Microprocessor
The CPU, made up of millions of transistors embedded in a circuit on a silicon wafer or chip.
Mobile commerce
(or m-commerce) Electronic commerce conducted in a wireless environment.
Moore’s law
Prediction by Gordon Moore, an Intel cofounder, that microprocessor complexity would double approximately every two years.
Multichannelling
A process in which a company makes its products available for sale using both online and off-line channels (for example, through retail stores).
Multidimensional structure
Storage of data in more than two dimensions; a common representation is the Data cube.
Multimedia technology
Computer-based integration of text, sound, still images, animation, and digitized full-motion video.
Network
A connecting system (wireline or wireless) that permits different computers to share resources.
Network controls
(or Communications controls) Controls that deal with the movement of data across networks.
Normalization
A method for analyzing and reducing a relational database to its most streamlined form to ensure minimum redundancy, maximum data integrity, and optimal processing performance.
Object-oriented development
A systems development methodology that begins with aspects of the real world that must be modelled to perform a task.
Office automation system
Software that supports the daily work activities of individuals and groups, such as software for creating documents and preparing emails.
On-premise computing
A model of IT management where companies own their IT infrastructure (software, hardware, networks, and data management) and maintain it in their data centres.
Open system
Computing products that work together by using the same operating system with compatible software on all the computers that interact in an organization.
Open-source software
Software made available in source-code form at no cost to developers.
Operating system
The main system control program, which supervises the overall operations of the computer, allocates CPU time and main memory to programs, and provides an interface between the user and the hardware.
Opt-in model
A model of informed consent in which a business is prohibited from collecting any personal information unless the customer specifically authorizes it.
Opt-out model
A model of informed consent that permits a company to collect personal information until the customer specifically requests that the data not be collected.
Optical storage devices
A form of secondary storage in which a laser reads the surface of a reflective plastic platter.
Organizational social responsibility
(or individual social responsibility) Efforts by organizations or individuals to solve various social problems.
Outsourcing
The use of outside contractors or external organizations to acquire IT services.
Package
(or software suite) An integrated group of computer programs developed by a vendor and available for purchase in prepackaged form.
Password
A private combination of characters that only the user should know.
Patent
A document that grants the holder exclusive rights on an invention or process for a specified period of time, currently 20 years.
Permission marketing
Method of marketing that asks consumers to give their permission to voluntarily accept online advertising and email.
Personal application software
General-purpose, off-the-shelf application programs that support general types of processing, rather than being linked to any specific business function.
Phased conversion
A systems implementation process that introduces components of the new system in stages, until the entire new system is operational.
Phishing attack
An attack that uses deception to fraudulently acquire sensitive personal information by masquerading as an official-looking email.
Physical controls
Controls that restrict unauthorized individuals from gaining access to a company’s computer facilities.
Pilot conversion
A systems implementation process that introduces the new system in one part of the organization on a trial basis; when the new system is working properly, it is introduced in other parts of the organization.
Piracy
Copying a software program (other than freeware, demo software, etc.) without making payment to the owner.
Platform-as-a-service (PaaS) model
A model with which customers rent servers, operating systems, storage, a database, software development technologies such as Java and .NET, and network capacity over the Internet.
Pop-under ad
An advertisement that is automatically launched by some trigger and appears underneath the active window.
Pop-up ad
An advertisement that is automatically launched by some trigger and appears in front of the active window.
Primary activities
Those business activities related to the production and distribution of the firm’s products and services, thus creating value.
Primary key
A field (or attribute) of a record that uniquely identifies that record so that it can be retrieved, updated, and sorted.
Primary storage
(or main memory) High-speed storage located directly on the motherboard that stores data to be processed by the CPU, instructions telling the CPU how to process the data, and operating system programs.
Privacy
The right to be left alone and to be free of unreasonable personal intrusions.
Privacy codes
(or privacy policies) An organization’s guidelines for protecting the privacy of customers, clients, and employees.
Privacy policies
(or privacy codes) An organization’s guidelines for protecting the privacy of customers, clients, and employees.
Private clouds
(or Internal clouds or Corporate clouds) IT infrastructures that are accessible only by a single entity or by an exclusive group of related entities that share the same purpose and requirements, such as all the business units within a single organization.
Privilege
A collection of related computer system operations that can be performed by users of the system.
Procedures
The set of instructions for combining hardware, software, database, and network components in order to process information and generate the desired output.
Profiling
The process of forming a digital dossier.
Programmers
IS professionals who modify existing computer programs or write new computer programs to satisfy user requirements.
Programming
The translation of a system’s design specifications into computer code.
Proprietary software
Software that has been developed by a company and has restrictions on its use, copying, and modification.
Prototype
A small-scale working model of an entire system or a model that contains only the components of the new system that are of most interest to the users.
Prototyping
An approach to systems development that defines an initial list of user requirements, builds a prototype system, and then improves the system in several iterations based on users’ feedback.
Public clouds
Shared, easily accessible, multicustomer IT infrastructures that are available nonexclusively to any entity in the general public (individuals, groups, and/or organizations).
Public exchanges
(or exchanges) Electronic marketplaces in which there are many sellers and many buyers, and entry is open to all; frequently owned and operated by a third party.
Public-key encryption
(or asymmetric encryption) A type of encryption that uses two different keys: a public key and a private key.
Query by example (QBE)
Obtaining information from a relational database by filling out a grid or template—also known as a Form—to construct a sample or a description of the data desired.
Random access memory
The part of primary storage that holds a software program and small amounts of data when they are brought from secondary storage.
Rapid application development
A systems development method that uses special tools and an iterative approach to rapidly produce a high-quality system.
Read-only memory
Type of primary storage where certain critical instructions are safeguarded; the storage is nonvolatile and retains the instructions when the power to the computer is turned off.
Really Simple Syndication
A technology that allows users to receive the information they want, when they want it, without having to surf thousands of websites.
Record
A grouping of logically related fields.
Registers
High-speed storage areas in the CPU that store very small amounts of data and instructions for short periods.
Relational database model
A data model based on the simple concept of tables in order to capitalize on characteristics of rows and columns of data.
Relationships
Operators that illustrate an association between two entities.
Responsibility
A tenet of ethics in which you accept the consequences of your decisions and actions.
Reverse auction
Auction in which one buyer, usually an organization, seeks to buy a product or a service, and suppliers submit bids; the lowest bidder wins.
Risk
The likelihood that a threat will occur.
Risk acceptance
A strategy in which the organization accepts the potential risk, continues to operate with no controls, and absorbs any damages that occur.
Risk analysis
The process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.
Risk limitation
A strategy in which the organization limits its risk by implementing controls that minimize the impact of a threat.
Risk management
A process that identifies, controls, and minimizes the impact of threats, in an effort to reduce risk to manageable levels.
Risk mitigation
A process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan.
Risk transference
A process in which the organization transfers the risk by using other means to compensate for a loss, such as by purchasing insurance.
Scope creep
The addition of functions to an information system after the project has begun.
Secondary key
A field that has some identifying information, but typically does not uniquely identify a record with complete accuracy.
Secondary storage
Technology that can store very large amounts of data for extended periods.
Secure socket layer
(or Transport layer security) An encryption standard used for secure transactions such as credit card purchases and online banking.
Sell-side marketplace
Business-to-business model in which organizations sell to other organizations from their own private e-marketplace and/or from a third-party site.
Server farms
Collections of hundreds or thousands of networked server computers maintained in a single location and used for applications that require very large amounts of computing power.
Server virtualization
A technology that uses software-based partitions to create multiple virtual servers (called Virtual machines) on a single physical server.
Servers
Computers that support networks, enabling users to share files, software, and other network devices.
Service-oriented architecture
An IT architecture that makes it possible to construct business applications using web services.
Smart cards
Cards that contain a microprocessor (chip) that enables the card to store a considerable amount of information (including stored funds) and to conduct processing.
Social advertising
Advertising formats that make use of the social context of the user viewing the ad.
Social capital
The number of connections a person has within and between social networks.
Social commerce
The delivery of electronic commerce activities and transactions through social computing.
Social computing
A type of information technology that combines social behaviour and information systems to create value.
Social engineering
Getting around security systems by tricking computer users inside a company into revealing sensitive information or gaining unauthorized access privileges.
Social graph
A map of all relevant links or connections for one member of a social network.
Social intelligence
The monitoring, collection, and analysis of socially generated data and the resultant strategic decisions.
Social interface
A user interface that guides the user through computer applications by using cartoon-like characters, graphics, animation, and voice commands.
Social marketplaces
Online intermediaries that harness the power of social networks for introducing, buying, and selling products and services.
Social network
A social structure composed of individuals, groups, or organizations linked by values, visions, ideas, financial exchange, friendship, kinship, conflict, or trade.
Social networking
Activities performed using social software tools (e.g., blogging) or social networking features (e.g., media sharing).
Social shopping
A method of electronic commerce that takes all of the key aspects of social networks—friends, groups, voting, comments, discussions, reviews, etc.—and focuses them on shopping.
Software
A set of computer programs that enable the hardware to process data.
Software suite
An integrated group of computer programs developed by a vendor and available for purchase in prepackaged form.
Software-as-a-service
A method of delivering software in which a vendor hosts the applications and provides them as a service to customers over a network, typically the Internet.
Software-as-a-service (SaaS) delivery model
A delivery model with which cloud computing vendors provide software that is specific to their customers’ requirements.
Solid-state drives
Data storage devices that serve the same purpose as a hard drive and store data in memory chips.
Spam
Unsolicited email.
Spamming
Indiscriminate distribution of email without the receiver’s permission.
Spamware
Alien software that uses your computer as a launch platform for spammers.
Spear phishing
An attack that uses deception to target large groups of people, by masquerading as official-looking emails or instant messages.
Speech-recognition software
Software that recognizes and interprets human speech, either one word at a time (discrete speech) or in a stream (continuous speech).
Spyware
Alien software that can record your keystrokes and/or capture your passwords.
Stored-value money cards
A form of electronic cash on which a fixed amount of prepaid money is stored; the amount is reduced each time the card is used.
Strategic information systems
Systems that help an organization gain a competitive advantage by supporting its strategic goals and/or increasing performance and productivity.
Structured query language (SQL)
The most popular query language for requesting information from a relational database.
Supply chain
The flow of materials, information, money, and services from suppliers of raw materials through factories and warehouses to the end customers.
Support activities
Business activities that do not add value directly to a firm’s product or service under consideration but support the primary activities that do add value.
Systems analysis
The examination of the business problem that the organization plans to solve with an information system.
Systems analysts
IS professionals who specialize in analyzing and designing information systems.
Systems design
The way in which a new system will resolve a business problem.
Systems development life cycle
The traditional structured framework, used for large IT projects, that consists of sequential processes by which information systems are developed.
Systems investigation
The initial stage in the traditional systems development life cycle that addresses the business problem (or business opportunity) by means of the feasibility study.
Systems software
The class of computer instructions that serve primarily as an intermediary between computer hardware and application programs; provides important self-regulatory functions for computer systems.
Systems stakeholders
All people who are affected by changes in information systems.
Table
(or Data file) A collection of logically related records.
Tacit knowledge
The cumulative store of subjective or experiential learning, which is highly personal and hard to formalize.
Tag
A keyword or term that describes a piece of information.
Technical specialists
Experts in a certain type of technology, such as databases or telecommunications.
Ternary relationship
A relationship that exists when three entities are associated.
Thin client
A computer that does not offer the full functionality of a fat client.
Threat
Any danger to which an information resource may be exposed.
Thumb drive
Storage device that fits into the universal serial bus port of a personal computer and is used for portable storage.
Trade secret
Intellectual work, such as a business plan, that is a company secret and is not based on public information.
Transaction processing system
A system that supports the monitoring, collection, storage, and processing of data from the organization’s basic business transactions, each of which generates data.
Transport layer security
(or secure socket layer) An encryption standard used for secure transactions such as credit card purchases and online banking.
Trap door
(or Back door) Typically a password, known only to the attacker, that allows the attacker to access the system without having to go through any security procedures.
Trojan horse
A software program containing a hidden function that presents a security risk.
Tunnelling
A process that encrypts each data packet to be sent and places each encrypted packet inside another packet.
Tweets
Messages and updates posted by users on Twitter.
Twitter
A free microblogging service that allows its users to send messages and read other users’ messages and updates.
Unary relationship
A relationship that exists when an association is maintained within a single entity.
Upper CASE tools
Tools that are used to automate the early stages of the systems development life cycle (systems investigation, analysis, and design).
Utility computing
A technology whereby a service provider makes computing resources and infrastructure management available to a customer as needed.
Value chain
A sequence of activities through which the organization’s inputs, whatever they are, are transformed into more valuable outputs, whatever they are.
Value chain model
A business framework devised by Michael Porter that shows the primary activities that sequentially add value to the profit margin; also shows the support activities.
Value system
A business system that includes the producers, suppliers, distributors, and buyers, all with their value chains.
Viral marketing
Online word-of-mouth marketing.
Virtual organizations
(or pure play organizations) Organizations in which the product, the process, and the delivery agent are all digital.
Virtual private network
A private network that uses a public network (usually the Internet) to securely connect users by using encryption.
Virus
Malicious software that can attach itself to (or “infect”) other computer programs without the owner of the program being aware of the infection.
Vulnerability
The possibility that an information resource will be harmed by a threat.
Web 2.0
A loose collection of information technologies and applications, plus the websites that use them.
Web 2.0 media
Any website that provides user-generated media content and promotes tagging, rating, commenting, and other interactions among users and their media contributions.
Web services
Applications delivered over the Internet that IT developers can select and combine through almost any device, from personal computers to mobile phones.
Weblog
(or Blog) A personal website, open to the public, in which the site creator expresses his or her feelings or opinions with a series of chronological entries.
Whitelisting
A process in which a company identifies acceptable software and permits it to run, and either prevents anything else from running or lets new software run in a quarantined environment until the company can verify its validity.
Wiki
A website on which anyone can post material and make changes to other material.
Worms
Destructive programs that replicate themselves without requiring another program to provide a safe environment for replication.
Zombie
(or Bot) A computer that has been compromised by, and is under the control of, a hacker.