Glossary

Business Continuity refers to the act of maintaining business functionality in the event of a major disruption or "disasters". In order to achieve this functionality, company will create a Business Continuity Plan (BCP) that consists of instructions and procedures which allow a business to respond to disruptions with little to no stoppages in its key operations.

A BCP usually consists of a business continuity impact analysis, recovery strategies and manual workarounds. A business continuity impact analysis identities the effects that possible disruptions could cause business functionality and processes. Recovery strategies consists of alternatives to restore business operation to a minimum acceptable level during disruptions based on the recovery time objectives (RTO) developed during the business impact analysis. Finally, manual workaround are developed as the last line of defense when information technology resources are not available.

BYOD is a business and technology policy that allows employees to bring in personal mobile devices (laptops, smart phones, tablets, etc.) into the work place to access privileged company information and applications.

CEO Fraud refers to a specific type of spear phishing where the email is a request for funds to be transferred immediately in order to pay a vendor or facilitate an important business transaction.  The email looks like it is coming from a C-level executive and is generally targeting someone in the finance department with authority to do bank transfers.

In the most basic terms, Cloud Computing is the act of storing and accessing data and programs over the internet in place of your physical computer hard drive. In the business world this come in many forms, including Software-as-a-Service (SaaS), Platform-as-a-Service (Paas) and Infrastructure-as-a-Service (IaaS). Cloud computing allows companies to maximize the effectiveness of shared resources and move away from the traditional CAPEX model of buying dedicated hardware that depreciates over time. Moving to the cloud allows your company to avoid upfront IT infrastructure costs and quickly adjust resources to meet changing business demands.

A Content Management System is most often used these days to run websites that contain information that must be updated frequently by a user and will often require little to no HTML or coding knowledge. These applications allows for the quick publishing, editing and modifying of content in a collaborative environment.

Common Of The Shelf software refers to applications that are typically found on most user computers.  COTS may include web browsers, PDF readers, file compression utilities, audio file players and more.  Many of these applications are free or very low cost.

Desktop-as-a-Service, also known as virtual desktop or hosted desktop services, is the outsourcing of a virtual desktop infrastructure (VDI) to a third party service provider such as XBASE Technologies. The DaaS delivery model typically has the provider of the service manage the back end responsibilities such as data storage, backup, security and upgrades.

A Datacentre is a facility used to house a large network of computer servers with the purpose of distribution of large amounts of data, remote storage and processing.

A facility is classified under four tiers, with tier III and tier IV including redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and security devices. The higher the tier, the more advanced the mechanisms and processes in place to secure your data and maintain functionality during disruptions.

A Distributed Denial of Service attack is a network based attack where multiple infected computers are used to target a single system - typically a website, network connection or other type of online service.  The targeted system cannot handle the volume of requests and service is effectively unavailable for the duration of the attack.

Disaster Recovery as a Service allows a business to quickly restore their data to a new hardware platform or virtual server environment in the event of disruptions or server failure. This rapid recovery allows you to resume business operations quickly and avoid the hassle of more conventional backups that may take several days or even weeks to restore business operations properly.

A Disaster Recovery Plan (DRP) is a business plan that describes how work can be resumed quickly and effectively after a disaster that results in a major disruption of business. Disaster recovery planning is part of business continuity planning and applied to aspects of an organization that rely on an IT infrastructure to function. The overall idea is to develop a plan that will allow the IT department to recover enough data and system functionality to allow a business or organization to operate.

Encryption is a reversible process that scrambles data into what is called "ciphertext" so that anyone attempting to read data without permission finds nothing but unreadable gibberish. However, when the owner of data wants access all they have to do is apply the same algorithm(cipher) used to scramble the data and the assigned key to decrypt the data for use.

In today's mobile world, a lost smart phone and laptops containing sensitive and confidential information makes encryption vital to a business. This makes strong ciphers and longer keys such as the 256-bit key advanced encryption standard (AES) recommended for businesses needing robust data protection.

Email archiving is the accumulation is emailed messages that is usually offered as a stand-alone IT application that integrates with email servers such as Microsoft Exchange. The applications also index and provide searchable independent access to archives. Businesses will often opt to implement an email archiving solution to protect mission critical data, for regulatory requirements or litigation, and to reduce production email server load.

A firewall is an application that will enforces policy based on protocol types, destination address, source address, destination ports and source ports. The policy will often come in the form of an Intrusion Detection System (IDS) or an Intrusion Prevention System (IPS). An IDS will analyze whole packets for known events and when a known event is detected a log messages detailing the event is generated. On the other hand, a IPS does the same thing except it will reject the packet when a known event is detected.

Greyware is a term that refers to malicious software or code that is considered to be in the "grey area" that exists between malicious and non-malicious software. This is a catch all term for malicious or annoying software such as adware, spyware and trackware that will often infect a computer without the average user knowing.

Infrastructure as a Service is a model of cloud computing that provides businesses with virtualized computing resources over the internet that are highly scalable and able to be adjusted on demand. In this model, a third party provider hosts servers, storage, hardware, software and other IT infrastructure components on behalf of its users. This model enables businesses to focus on their business and let the third party provider use their expertise to handle tasks like system maintenance, backup and resiliency planning.

The Internet of Things (IoT) refers collectively to network connected devices (i.e. smart devices, Internet connected appliances, embedded computers, controllers, sensors etc) and the underlying network that allows for device management and data exchange.

An ISP (Internet Service Provider) is an organization or company that provides individuals or business with access to the internet and other related services. A computers individual connection to the internet is assigned a unique string of numbers that identify the connection.

A Line of Business application refers to the core software applications that are key to the operation of your business.  Examples include your Enterprise Resource Planning (ERP) system, accounting applications, design software, and specialized industry software that you run specific to your business.

Contrasting the LOB applications are Common of the Shelf (COTS) applications which you find on most workstations including word processor, spreadsheet, presentation software, mail client, web browsers, file compression tools, PDF readers and other utilities.

A LAN (Local area network) Connects a group of computers over a small area for the purpose of sharing resources such as programs, documents, or printers.

Malware is programs designed to conduct malicious activity or do other unwanted actions on a user's computer. Targets of Malware can range from individual computers to entire networks. A common examples of malware include viruses, worms, trojan horses, and spyware.

MDM is a routine or tool that is capable of distributing applications, data, and configuration settings to mobile communications devices. This allows business to optimize the functionality and security of a mobile communications network. MDM is vital to any successful BYOD strategy.

A Managed Service Provider (MSP) is a company that manages IT infrastructure and/or end-user systems as an outsourced service, typically contracted through a subscription model and with a proactive approach to managing IT. Essentially, an MSP can be your IT department or a supplement to an in-house IT department. This allows small and medium businesses to run their business on technology that would be beyond their budgets as a capital investment. When something IT-related breaks, the MSP helps to fix it – and attempts to keep things from breaking in the first place. A great MSP will be a real partner for a business, helping to identify how IT can be used to best achieve a company’s overall goals. In other words, IT becomes a strategy, not a cost center. There are various levels of service that an MSP can provide, from network monitoring and alerts that a company will fix internally, to full-fledged problem resolution.

Cloud-based Network Monitoring service, can configure and remotely monitor important network systems such as e-mail, servers, routers, backup applications and more. If problem is detected, an alert is generated so corrective action can be taken.

Network Security is primarily focused on the authorization of access to data in a network, which is controlled by a network administrator. Network security consists of provisions and policies to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

The Private Cloud is a term for a proprietary computing architecture that provides hosted services to a limited number of select users behind a secure and robust infrastructure. A private cloud solution is designed for organizations that need or wants more control over their data than they can get by using a third-party shared cloud service.

A remote backup service provides users with a system for the backup and storage of computer files that is done remotely and off site. These systems usually run on a schedule and will collect, encrypt, collect and transfer data to the remote backup providers servers.

A Microsoft licensing program that enables service providers and MSP's with a hosted offering to license Microsoft products on a monthly basis to provide services and hosted applications to their end customers.  Basically, you can ‘rent’ Windows, Exchange or other Microsoft products from XBASE on a monthly payment schedule.

Software as a Service is a software delivery model that centrally hosts the data and software on the cloud. SaaS is typically accessed by users using a web browser.  This model provides applications without the need for purchasing in-house resources to run them.

Spear phishing is an email spoofing attack that targets a specific individual or company. The bad guy will write the email message in such a way that it appears to be coming from a trusted source i.e. a co-worker, friend, company that you may be doing business with. The email usually contains specific details that trick the recipient into thinking the email is legitimate and from a trustworthy source.

The purpose of the email is to try to steal confidential information or to get the recipient to install malware on their computer.

Any software that gathers user information covertly through the users internet connection and usually for the purpose of advertising.

TFA produces an extra level of security for users through the use of a security token device or mobile application when entering passwords online. Typically users have a personal identification number (PIN) that identifies them as the owner of a particular token associated with an account. The token displays a number which is entered to uniquely identify the owner to a particular network service. The identification number for each user is changed frequently, usually every few minutes. Some software produces push notifications to mobile devices that simply require one touch approval opposed to entering in a pin.

A program intended to alter data on a computer without the user knowing, usually for mischievous or destructive purposes. Viruses are most often transferred through websites, emails, downloads or external devices.

VOIP uses the Internet to transmit phone calls in place of traditional phone lines. An advantage to this approach is the user does not incur any additional surcharges beyond the cost of internet access.

WAN is a group of networked computers covering a large geographical area (e.g., the Internet).

Zero-day (or zero-hour or day zero) attacks are a computer threat that attempts to exploit application vulnerabilities that are relatively unknown. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used by attackers before the developer of the target software knows about the vulnerability in most cases.