05 August 2019

🛡️Information Security: Security Policy (Definitions)

"The active policy on the client's computer that programmatically generates a granted set of permissions from a set of requested permissions. A security policy consists of several levels that interact; by default only permissions granted by all layers are allowed to be granted." (Damien Watkins et al, "Programming in the .NET Environment", 2002)

"A collection of standards, policies, and procedures created to guarantee the security of a system and ensure auditing and compliance." (Carlos Coronel et al, "Database Systems: Design, Implementation, and Management" 9th Ed, 2011)

"The set of decisions that govern security controls." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"In label-based access control, a database object that is associated with one or more tables and that defines how LBAC can be used to protect those tables. The security policy defines what security labels can be used, how the security labels are compared to each other, and whether optional behaviors are used. See also label-based access control, security label." (IBM, "Informix Servers 12.1", 2014)

"A written statement describing the constraints or behavior an organization embraces regarding the information provided by its users" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"Strategic tool used to dictate how sensitive information and resources are to be managed and protected." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"Set of rules, guidelines and procedures represented in official security documents that define way in which state will protect its own national security interests." (Olivera Injac & Ramo Šendelj, "National Security Policy and Strategy and Cyber Security Risks", 2016)

"A set of rules and practices that specify or regulate how a system or an organization provides security services to protect sensitive and critical system resources." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A statement of the rules governing the access to a system’s protected resources." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"In label-based access control, a database object that is associated with one or more tables and that defines how LBAC can be used to protect those tables. The security policy defines what security labels can be used, how the security labels are compared to each other, and whether optional behaviors are used. See also label-based access control, security label." (Sybase, "Open Server Server-Library/C Reference Manual", 2019)

"A set of criteria for the provision of security services." (CNSSI 4009-2015 NIST)

 "A set of methods for protecting a database from accidental or malicious destruction of data or damage to the database infrastructure." (Oracle)

"Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions 'what' and 'why' without dealing with 'how'. Policies are normally stated in terms that are technology-independent." (NIST SP 800-82 Rev. 2)

🛡️Information Security: Trojan Horse (Definitions)

"Malware that looks like something beneficial but has a malicious component. Users are tricked into downloading and installing the malware, thinking it’s worthwhile. After the user installs the Trojan, the malicious component runs. Trojans are named after the Trojan horse from Greek mythology." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"A program posing as a harmless piece of software that can contain malware such as viruses or spyware." (Andy Walker, "Absolute Beginner’s Guide To: Security, Spam, Spyware & Viruses", 2005)

"Malicious code that creates backdoors, giving an attacker illegal access to a network or account through a network port." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

"software that appears to be an application but is, in fact, a destructive program." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"An apparently useful and innocent program containing additional hidden code that allows the unauthorized collection, exploitation, falsification, or destruction of data. A Trojan is often received from a familiar e-mail address or URL or in the form of a familiar attachment." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"A form of malware application hidden within another application that introduces backdoor access." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web 2nd Ed.", 2015)

"A malicious program disguised as a benevolent resource" (Nell Dale & John Lewis, "Computer Science Illuminated, 6th Ed.", 2015)

"A piece of malicious software that looks harmless but has a detrimental effect on a computer when it runs." (Faithe Wempen, "Computing Fundamentals: Introduction to Computers", 2015)

"A program that is disguised as another program with the goal of carrying out malicious activities in the background without the user knowing." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"A piece of software or code that is disguised as a legitimate software that is created with the intention to breach a system or networks security." (Hamid R Arabnia et al, "Application of Big Data for National Security", 2015)

"Software that either hides or masquerades as a useful or benign program." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

04 August 2019

🛡️Information Security: Exploit (Definitions)

"A program that takes advantage of a known security weakness in a computer." (Andy Walker, "Absolute Beginner’s Guide To: Security, Spam, Spyware & Viruses", 2005)

"An exploit is a technique or software code (often in the form of scripts) that takes advantage of vulnerability or security weakness in a piece of target software." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"Used as a noun in this case, this refers to a known way to compromise a program to get it to do something the author didn’t intend. Your task is to write unexploitable programs." (Jon Orwant et al, "Programming Perl" 4th Ed., 2012)

"Either: an attack technique that can be directed at a particular computer system or software component and that takes advantage of a specific vulnerability, or the act of successfully implementing such an attack technique." (Mark Rhodes-Ousley, "Information Security: The Complete Reference, Second Edition" 2nd Ed., 2013)

"An exploit is a particular form of attack in which a tried and tested method of causing impact is followed with some rigour. Exploits are similar in nature to processes, but whereas processes are generally benign, exploits are almost always harmful." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"A method or program that takes advantage of a vulnerability in a target system to accomplish an attack." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"An attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

🛡️Information Security: Data Loss Prevention [DLP] (Definitions)

"Attempts to prevent the loss of confidentiality of sensitive information by limiting the use of confidential information only for authorized purposes." (David G Hill, "Data Protection: Governance, Risk Management, and Compliance", 2009)

"A set of technologies and inspection techniques used to classify information content contained within an object—such as a file, an email, a packet, an application or a data store - while at rest (in storage), in use (during an operation), or in transit (across a network). DLP tools also have the ability to dynamically apply a policy - such as log, report, classify, relocate, tag, and encrypt - and/or apply enterprise data rights management protections." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"Data loss prevention (DLP; also known as data leak prevention) is a computer security term referring to systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, and so on) and with a centralized management framework. Systems are designed to detect and prevent unauthorized use and transmission of confidential information." (Robert F Smallwood, "Information Governance for Healthcare Professionals", 2018)

[data leak prevention (DLP):] "The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide, 8th Ed", 2018)

"A capability that detects and prevents violations to corporate policies regarding the use, storage, and transmission of sensitive data. Its purpose is to enforce policies to prevent unwanted dissemination of sensitive information." (Forrester)

 "A systems ability to identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep packet content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.), within a centralized management framework. Data loss prevention capabilities are designed to detect and prevent the unauthorized use and transmission of NSS information." (CNSSI 4009-2015) 

03 August 2019

🛡️Information Security: Cryptography (Definitions)

"Cryptography is the science of hiding information through ciphers and codes. Cryptographers devise new cryptographic algorithms." (Michael Coles & Rodney Landrum, , "Expert SQL Server 2008 Encryption", 2008)

"The process of converting data into an unreadable form via an encryption algorithm. Cryptography enables information to be sent across communication networks that are assumed to be insecure, without losing confidentiality or the integrity of the information being sent." (Alex Berson & Lawrence Dubov, "Master Data Management and Data Governance", 2010)

"The science (or art) of providing secrecy, integrity, and non-repudiation for data." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"The art or science of rendering plain information unintelligible, and for restoring encrypted information to intelligible form." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"Science of secret writing that enables an entity to store and transmit data in a form that is available only to the intended individuals." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"The encoding of data so that it can be decoded only by certain persons. The role of cryptography is to protect data integrity, confidentiality, nonrepudiation, and authentication." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web" 2nd Ed., 2015)

"The field of study related to encoded information" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"The science of secret writing that enables storage and transmission of data in a form that is available only to the intended individuals." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"The study of algorithmic transformations from plain text to encrypted forms in which the unencrypted data cannot be ascertained without possession of the encryption key." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"A technique to secure communication or data." (AICPA)

"Art or science concerning the principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form."(CNSSI 4009-2015 NSA/CSS) 

"The art and science of using mathematics to secure information and create a high degree of trust in the electronic realm." (NISTIR 7316) 

"The discipline that embodies principles, means and methods for providing information security, including confidentiality, data integrity, non-repudiation, and authenticity." (NISTIR 8040)

"The discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification." (NIST SP 800-59)


🛡️Information Security: Countermeasure (Definitions)

"A control, method, technique, or procedure that is put into place to prevent a threat agent from exploiting a vulnerability. A countermeasure is put into place to mitigate risk. Also called a safeguard or control." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"A defensive mechanism intended to address a class of attack." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"An action, a device, a procedure, or a technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"Countermeasures are steps that can be taken, and systems that can be implemented, to prevent internal and external threats from accessing your data and causing issues." (Michael Coles & Rodney Landrum, , "Expert SQL Server 2008 Encryption", 2008)

"Used to refer to any type of control" (ITIL)

30 July 2019

💻IT: Social Engineering (Definitions)

"Using trickery and charm to extract security information such as passwords from an individual." (Andy Walker, "Absolute Beginner’s Guide To: Security, Spam, Spyware & Viruses", 2005)

"A nontechnological method for gaining unauthorized access to a computer system by tricking people into revealing access information." (Jan L Harrington, "Relational Database Design and Implementation"3rd Ed., 2009)

"Collection of tactics used to manipulate people into performing actions or divulging confidential information." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

"Obtaining or attempting to obtain otherwise secure data with fraud and deceit by tricking an individual into revealing confidential information." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"The art of manipulating people into performing desired actions." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"Gaining unauthorized access by tricking someone into divulging sensitive information." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"It describes a type of intrusion that relies heavily on human interaction rather than on specific technical methods. It often involves deceitful approaches to obtain, for example, sensitive information, and break into computer systems." (Hamid R Arabnia et al, "Application of Big Data for National Security", 2015)

"The act of manipulating people into divulging information." (Weiss, "Auditing IT Infrastructures for Compliance, 2nd Ed", 2015)

"The art of obtaining someone's password either by befriending her or tricking her into sharing it." (Faithe Wempen, "Computing Fundamentals: Introduction to Computers", 2015)

"The practice of obtaining confidential information by manipulating users in social communication." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web 2nd Ed.", 2015)

"The process of attempting to trick someone into revealing information (for example, a password) that can be used to attack an enterprise or into performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The psychological manipulation of people into unwittingly performing actions favorable to an attacker, such as divulging passwords or other confidential information." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

💻IT: Network (Definitions)

"Mathematically defined structure of a computing system where the operations are performed at specific locations (nodes) and the flow of information is represented by directed arcs." (Guido Deboeck & Teuvo Kohonen (Eds), "Visual Explorations in Finance with Self-Organizing Maps 2nd Ed.", 2000)

"A system of interconnected computing resources (computers, servers, printers, and so on)." (Sharon Allen & Evan Terry, "Beginning Relational Data Modeling 2nd Ed.", 2005)

"A system of connected computers. A local area network (LAN) is contained within a single company, in a single office. A wide area network (WAN) is generally distributed across a geographical area — even globally. The Internet is a very loosely connected network, meaning that it is usable by anyone and everyone." (Gavin Powell, "Beginning Database Design", 2006)

"A system of interconnected devices that provides a means for data to be transmitted from point to point." (Janice M Roehl-Anderson, "IT Best Practices for Financial Managers", 2010)

"1.Visually, a graph of nodes and connections where more than one entry point for each node is allowed. 2.In architecture, a topological arrangement of hardware and connections to allow communication between nodes and access to shared data and software." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"The connection of computer systems (nodes) by communications channels and appropriate software. |" (Marcia Kaufman et al, "Big Data For Dummies", 2013)

"The means by which electronic communications occurs between two or more nodes" (Daniel Linstedt & W H Inmon, "Data Architecture: A Primer for the Data Scientist", 2014)

"Two or more computers connected to share data and resources." (Faithe Wempen, "Computing Fundamentals: Introduction to Computers", 2015)

"People working towards a common purpose or with common interests where there is no requirement for members of the network to have a work relationship with others, and there is no requirement for mutuality as there is with a team." (Catherine Burke et al, "Systems Leadership, 2nd Ed,", 2018)

💻IT: False Negative (Definitions)

"Spam that is mistaken for legitimate email." (Andy Walker, "Absolute Beginner’s Guide To: Security, Spam, Spyware & Viruses", 2005)

"Failing to report an event that should have been reported." (W Roy Schulte & K Chandy, "Event Processing: Designing IT Systems for Agile Companies", 2009)

"A subject who is identified as failing to have experienced the event of interest (e.g., exposure, disease) but has truly experienced the event is termed a false negative." (Herbert I Weisberg, "Bias and Causation: Models and Judgment for Valid Comparisons", 2010)

"An incorrect result, which fails to detect a condition or return a result that is actually present." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"An incorrect result as reported by a detective device, such as an IDS, an antivirus program, or a biometric security device. For example, an antivirus program may not “catch” a virus-infected file, or a fingerprint reader may incorrectly fail the fingerprint of the true user." (Mark Rhodes-Ousley, "Information Security: The Complete Reference, Second Edition, 2nd Ed.", 2013)

"A test result that incorrectly reports that a condition being tested for is absent, when, in fact, it is present (e.g., an intrusion detection subsystem falsely reports no attacks in the attack space of an enterprise system)." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"A condition when using optimistic locking whereby a row that was not updated since it was selected cannot be updated without first being selected again. Optimistic locking support does not allow a false positive to happen, but a false negative might happen. See also false positive." (Sybase, "Open Server Server-Library/C Reference Manual", 2019)

[false-negative result:] "A test result which fails to identify the presence of a defect that is actually present in the test object." (Software Quality Assurance)

29 July 2019

💻IT: Software-as-a-Service [SaaS] (Definitions)

"A distribution method for software through a network interface." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Applications that are licensed to customers for use as a service on demand." (Gina Abudi & Brandon Toropov, "The Complete Idiot's Guide to Best Practices for Small Business", 2011)

"a software deployment model where a provider licenses an application to customers for use over the Internet, without requiring purchase and installation of the licenses." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"The delivery of computer applications over the Internet." (Marcia Kaufman et al, "Big Data For Dummies", 2013)

"A delivery mechanism in which an application and all of the associated resources are provided to organizations by a vendor, typically through a web browser. Commonly abbreviated as SaaS." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"Abbreviation for software as a service. It is the capability provided to the consumer to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings." (James R Kalyvas & Michael R Overly, "Big Data: A Businessand Legal Guide", 2015)

"Software as a Service is the delivery of computer applications over the Internet on a per user per month charge basis." (Judith S Hurwitz, "Cognitive Computing and Big Data Analytics", 2015)

"A model of software deployment or service where customers use applications on demand." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web" 2nd Ed., 2015)

"An approach to software licensing and delivery in which software is hosted remotely in the cloud and accessed via an Internet browser." (Jonathan Ferrar et al, "The Power of People: Learn How Successful Organizations Use Workforce Analytics To Improve Business Performance", 2017)

"Cloud application services in which applications are delivered over the Internet by the software provider, typically for a monthly fixed fee. The applications are not installed, nor do they run on the client’s computers; instead, they are accessed by a Web browser. Two important characteristics of SaaS are as follows: Network and Web-based access to commercial software computing services in which the processing is done on a third party server, rather than at each customer’s location. A tenant-based pricing model for hardware, software, administration, and consulting services." (John H Higgins & Bryan L Smith, "10 Steps to a Digital Practice in the Cloud" 2nd Ed., 2017)

"Software as a service refers to the delivery of software-based business tools via the Internet as an alternative to traditional on-premise installations." (Informatica) [source]

"Software-as-a-service (SaaS) is a model of software distribution where customers pay a monthly subscription or licensing fee and a third-party, typically the software vendor, makes the application available over the internet. SaaS is one of the primary commercial applications of cloud computing, along with infrastructure-as-a-service (Iaas) and platform-as-a-service (PaaS)." (Sumo Logic) [source]

💻IT: Platform-as-a-Service [PaaS] (Definitions)

"PaaS is defined as a computing platform delivered as a service." (Martin Oberhofer et al, "The Art of Enterprise Information Architecture", 2010)

"Delivery of an application development platform (hardware and software) from a third party via the Internet without having to buy and manage these resources." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"A cloud service that abstracts the computing services, including the operating software and the development and deployment and management life cycle. It sits on top of Infrastructure as a Service." (Marcia Kaufman et al, "Big Data For Dummies", 2013)

"A cloud service that abstracts the computing services, including the operating software and the development, deployment, and management life cycle. It sits on top of Infrastructure as a Service (IaaS)." (Judith S Hurwitz, "Cognitive Computing and Big Data Analytics", 2015)

"Delivery of a computing platform as a service." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web" 2nd Ed., 2015)

"The capability provided to the customer to deploy onto the cloud infrastructure customer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations." (James R Kalyvas & Michael R Overly, "Big Data: A Businessand Legal Guide", 2015)

"A cloud-based service that typically provides a platform on which software can be developed and deployed." (H James Harrington & William S Ruggles, "Project Management for Performance Improvement Teams", 2018)

"A complete application platform for multitenant cloud environments that includes development tools, runtime, and administration and management tools and services, PaaS combines an application platform with managed cloud infrastructure services." (Forrester)

"A services providing all the necessary infrastructure for cloud computing solutions." (Analytics Insight)

💻IT: Standardization (Definitions)

"The imposition of standards which, in turn, are fixed ways of doing things that are widely recognized." (Roy Rada &  Heather Holden, "Online Education, Standardization, and Roles", 2009)

"Formulation, publication, and implementation of guidelines, rules, methods, procedures and specifications for common and repeated use, aimed at achieving optimum degree of order or uniformity in given context, discipline, or field; standards are most frequently developed on international level; there exist national standardization bodies cooperating with international bodies; standards can be either legally binding or de facto standards followed by informal convention or voluntary standards (recommendations)." (Lenka Lhotska et al,"Interoperability of Medical Devices and Information Systems", 2013)

"A framework of agreements to which all relevant parties in an industry or organization must adhere to ensure that all processes associated with the creation of a good or performance of a service are performed within set guideline." (Victor A Afonso & Maria de Lurdes Calisto, "Innovation in Experiential Services: Trends and Challenges", 2015)

"The development of uniform specifications for materials, products, processes, practices, measurement, or performance, usually via consultation with stakeholders and sanction by a recognized body, providing for improvements in productivity, interoperability, cooperation, and accountability." (Gregory A Smith, "Assessment in Academic Libraries", 2015)

"A process of developing and implementing technical standards based on consensus among various stakeholders in the field. Standardization can greatly assist with compatibility and interoperability of otherwise disparate software components, where consistent solutions enable mutual gains for all stakeholders." (Krzysztof Krawiec et al, "Metaheuristic Design Patterns: New Perspectives for Larger-Scale Search Architectures", 2018)

"The process through which a standard is developed." (Kai Jakobs, "ICT Standardization", 2018)

"Is a framework of agreements to which professionals in an organization must accept to ensure that all processes associated with the creation of a product or service are performed within set guidelines, achieving uniformity to certain practices or operations within the selected environment. It can be seen as a professional strategy to strengthen professional trust and provide a sense of certainty for professionals or it can be interpreted as a way to lose professionalization and as an adjustment to organizational demands." (Joana V Guerra, "Digital Professionalism: Challenges and Opportunities to Healthcare Professions", 2019)

"The process of making things of the same kind, including products and services, have the same basic features and the same requirements." (Julia Krause, "Through Harmonization of National Technical Regulations to More Sustainability in Engineering Business", 2019)

💻IT: Best Practices (Definitions)

"A preferred and repeatable action or set of actions completed to fulfill a specific requirement or set of requirements during the phases within a product-development process." (Clyde M Creveling, "Six Sigma for Technical Processes: An Overview for R Executives, Technical Leaders, and Engineering Managers", 2006)

"A process or method that is generally recognized to produce superior results. The application of these should result in a positive, measurable change." (Tilak Mitra et al, "SOA Governance", 2008)

"A technique or methodology that, through past experience and research, has proven to reliably lead to a desired result. A commitment to using the best practices in any field (for example, in the domain of IT Architecture) ensures leveraging past experience and all of the knowledge and technology at one’s disposal to ensure success." (Allen Dreibelbis et al, "Enterprise Master Data Management", 2008)

"An effective way of doing something. It can relate to anything from writing program code to IT governance." (Judith Hurwitz et al, "Service Oriented Architecture For Dummies" 2nd Ed., 2009)

"A best practice is commonly understood to be a well-proven, repeatable, and established technique, method, tool, process, or activity that is more certain in delivering the desired results. This indicates that a best practice typically has been used by a large number of people or organizations and/or over a long time, with significant results that are clearly superior over other practices. Knowledge patterns can be used to formalize the description of a best practice." (Jörg Rech et al, "Knowledge Patterns" [in "Encyclopedia of Knowledge Management" 2nd Ed.], 2011)

"A specific method that improves the performance of a team or an organization and can be replicated or adapted elsewhere. Best practices often take the form of guidelines, principles, or ideas that are endorsed by a person or governing body that attests to the viability of the best practice." (Gina Abudi & Brandon Toropov, "The Complete Idiot's Guide to Best Practices for Small Business", 2011)

"A technique, method, process, discipline, incentive, or reward generally considered to be more effective at delivering a particular outcome than by other means." (Craig S Mullins, "Database Administration", 2012)

"In general, Best Practices refer to the methods, currently recognized within a given industry or discipline, to achieve a stated goal or objective. In the OPM3 context, Best Practices are achieved when an organization demonstrates consistent organizational project management processes evidenced by successful outcomes." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3)" 3rd Ed, 2013)

"An effective way of doing something. It can relate to anything from writing program code to IT governance." (Marcia Kaufman et al, "Big Data For Dummies", 2013)

"Those methods, processes, or procedures that have been proven to be the most effective, based on real-world experience and measured results." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"Best practices are defined as commercial or professional procedures that are accepted or prescribed as being effective most of the time. It can also be considered a heuristic, in that is a rule of thumb that generally succeeds but is not guaranteed to always work in every instance." (Michael Winburn & Aaron Wheeler, "Cloud Storage Security", 2015)

"A 'benchmarking' approach where organisations determine who the leader in a particular practice is and then copy that approach. Useful for achieving efficiencies but may diminish differentiation if not used with caution at the strategic level." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder" 3rd Ed., 2017)

"A proven activity or process that has been successfully used by multiple enterprises." (ISACA) 

"A superior method or innovative practice that contributes to the improved performance of an organization, usually recognized as best by other peer organizations." (American Society for Quality)

28 July 2019

💻IT: Change Management [CM] (Definitions)

"The disciplined use of a defined process to control project modifications, additions, and deletions." (Timothy J  Kloppenborg et al, "Project Leadership", 2003)

"The process allowing changes to applications to occur in a predictable fashion with minimal or no impact on the service. Change management applies to all phases of a lifecycle." (Allan Hirt et al, "Microsoft SQL Server 2000 High Availability", 2004)

"Process of enabling change in an organization as a result of a system implementation." (Janice M Roehl-Anderson, "IT Best Practices for Financial Managers", 2010)

"(1) A structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state. (2) Controlled way to effect a change, or a proposed change, to a product or service." (Requirements Engineering Qualifications Board, "Standard glossary of terms used in Requirements Engineering", 2011)

"A structured approach to transition individuals, teams, and organizations from a current state to a desired future state, which includes managing change as part of systems development to avoid user resistance to business and system changes." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed, 2011)

"Involves problem solving in a concerted effort to adapt to changing organizational needs." (Joan C Dessinger, "Fundamentals of Performance Improvement" 3rd Ed, 2012)

"The process of communicating and managing change throughout the organization." (Charles Cooper & Ann Rockley, "Managing Enterprise Content: A Unified Content Strategy, 2nd Ed.", 2012)

"The management of change in operational processes and applications. Change management is critical when IT organizations are managing software infrastructure in conjunction with new development processes. All software elements have to be synchronized so that they work as intended." (Marcia Kaufman et al, "Big Data For Dummies", 2013)

"A program designed to prevent unintended outages from changes. Personnel submit change requests, and appropriate experts review them to identify unintended consequences. Personnel do not make changes until the change goes through the change management process." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"The organization's effort to control and manage the introduction of new changes to the current operating model to ensure gradual and successful adoption." (Jim Davis & Aiman Zeid, "Business Transformation: A Roadmap for Maximizing Organizational Insights", 2014)

"Methods and best practices to assist an organization and its employees in implementing changes to business processes, culture, and systems." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"The process, tools, and techniques to manage the people side of change to achieve a required business outcome." (Jonathan Ferrar et al, "The Power of People: Learn How Successful Organizations Use Workforce Analytics To Improve Business Performance", 2017)

"A business process aimed at deliberately regulating the changing nature of business activities such as projects." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide, 8th Ed", 2018)

"Process responsible for controlling the lifecycle of all changes" (ITIL)

 "The process, tools, coordination, and planning to manage the people side of change through sentiment awareness and change-management skills that together achieve a required state of business agility." (Forrester)

💻IT: Internet of Things [IoT] (Definitions)

"A term used to describe the community or collection of people and items that use the Internet to communicate with other." (Kenneth A Shaw, "Integrated Management of Processes and Information", 2013)

"The embedding of objects with sensors, coupled with the ability of objects to communicate, driving an explosion in the growth of big data." (Brenda L Dietrich et al, "Analytics Across the Enterprise", 2014)

"The Internet of Things entails the aim of all physical or uniquely identifiable objects being connected through wired and wireless networks. In this notion, every object would be virtually represented. Connecting objects in this way offers a whole new universe of possibilities. Real-time analysis of big data streams could enhance productivity and safety of systems (for example, roadways and cars being part of the Internet of Things could help to manage traffic flow). It can also make everyday life more convenient and sustainable (such as connecting all household devices to save electricity)." (Martin Hoegl et al, "Using Thematic Thinking to Achieve Business Success, Growth, and Innovation", 2014)

"IOT refers to a network of machines that have sensors and are interconnected enabling them to collect and exchange data. This interconnection enables devices to be controlled remotely resulting in process efficiencies and lower costs." (Saumya Chaki, "Enterprise Information Management in Practice", 2015)

"An interconnected network of physical devices, vehicles, buildings, and other items embedded with sensors that gather and share data." (Jonathan Ferrar et al, "The Power of People: Learn How Successful Organizations Use Workforce Analytics To Improve Business Performance", 2017)

"Ordinary devices that are connected to the Internet at any time, anywhere, via sensors." (Jason Williamson, "Getting a Big Data Job For Dummies", 2015)

"Also referred to as IoT. Term that describes the connectivity of objects to the Internet and the ability for these objects to send and receive data from each other." (Brittany Bullard, "Style and Statistics", 2016)

"computing or 'smart' devices often with ­sensor capability and the ability to collect, share, and transfer data using the Internet." (Daniel J. Power & Ciara Heavin, "Data-Based Decision Making and Digital Transformation", 2018)

"The wide-scale deployment of small, low-power computing devices into everyday devices, such as thermostats, refrigerators, clothing, and even into people themselves to continuously monitor health." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"A network of physical objects that have, like cell phones and laptops, internet connectivity enabling automatic communication between them and any other machine connected to the internet without human intervention." (Sue Milton, "Data Privacy vs. Data Security", 2021)

"Integration of various processes such as identifying, sensing, networking, and computation." (Revathi Rajendran et al, "Convergence of AI, ML, and DL for Enabling Smart Intelligence: Artificial Intelligence, Machine Learning, Deep Learning, Internet of Things", 2021)

"It is an interdisciplinary field who is associated with the electronics and computer science. Electronics deals with the development of new sensors or hardware for IoT device and computer science deals with the development of software, protocols and cloud based solution to store the data generated form these IoT devices."  (Ajay Sharma, "Smart Agriculture Services Using Deep Learning, Big Data, and IoT", 2021)

"IoT is a network of real-world objects which consists of sensors, software, and other technologies to exchange data with the other systems over the internet." (Hari K Kondaveeti et al, "Deep Learning Applications in Agriculture: The Role of Deep Learning in Smart Agriculture", 2021)

"This refers to a system of inter-connected computing and smart devices, that are provided with unique identifiers and the ability to transfer data over a network without requiring human interaction." (Wissam Abbass et al, "Internet of Things Application for Intelligent Cities: Security Risk Assessment Challenges", 2021)

"describes the network where sensing elements such as sensors, cameras, and devices are increasingly linked together via the internet to connect, communicate and exchange information." (Accenture)

"ordinary devices that are connected to the internet at any time anywhere via sensors." (Analytics Insight)

"Technologies that enable objects and infrastructure to interact with monitoring, analytics, and control systems over internet-style networks." (Forrester)

Related Posts Plugin for WordPress, Blogger...

About Me

My photo
Koeln, NRW, Germany
IT Professional with more than 24 years experience in IT in the area of full life-cycle of Web/Desktop/Database Applications Development, Software Engineering, Consultancy, Data Management, Data Quality, Data Migrations, Reporting, ERP implementations & support, Team/Project/IT Management, etc.