Acceptable use policy The rules with which people must comply in order to use a system as intended.
Access point (AP) A wireless AP is a specially configured node on a wireless local area network (WLAN) that is designed to act as a central transmitter and receiver of WLAN radio signals. This allows any wireless device to connect to the WLAN via the AP.
Anti-virus (AV) software AV software is used to scan email messages for defined viruses, which show up as known signatures that the software recognises as viruses. AV solutions must be implemented on each desktop and on the email gateway or email server function where all incoming messages are scanned before being delivered to the recipient. Best practices for preventing viruses on a network call for both desktop and gateway or server AV to be implemented to ensure that laptops that plug into the LAN cannot corrupt systems ‘behind’ the AV gateway. It is important that both types of AV software are kept up to date, as new viruses are found frequently.
Applications Computer programs designed for a specific task or use.
Asset Something which is of value and needs to be protected.
Assurance The confidence that may be held in the security provided by a system, product or process.
Automated process Any digital process that requires little or no human input.
Availability Ensuring that authorised users have access to information and associated assets when required.
Bandwidth The data rate supported by a network connection or interface, usually expressed in terms of bits per second (bps) or Mbps (millions of bits per second). Bandwidth represents the capacity of the connection. The greater the capacity, the more likely that greater performance will follow, though overall performance also depends on other factors, such as latency.
BS 7799 The British Standard for ICT security management.
Confidentiality Ensuring that information is accessible only to those authorised to have access.
Dynamic Host Configuration Protocol (DHCP) DHCP is a protocol that allows a computer to join an IP-based network without having a preconfigured IP address. DHCP assigns unique IP addresses to devices then releases and renews these addresses as devices leave and rejoin the network.
e-Government Interoperability Framework (e-GIF) The set of standards for e-government, which will become mandatory. The standards include accessibility and usability, XML compliance and use of metadata. The two parts of the latest version can be accessed from [
Ethernet Ethernet is a physical and data link layer technology for LANs that follows the 802.3 family of standards.
Exploit When vulnerabilities are found in software, the hacker community will frequently attempt to develop attack code that takes advantage of the vulnerability. This attack software is called an exploit, and exploit code is frequently shared among hackers as they attempt to develop different sophisticated attacks. The speed with which these exploits are developed is becoming ever faster. The current record is eight days from announcement of the vulnerability to a proven exploit being released on the internet.
Firewall A network firewall protects a computer network from unauthorised access. Network firewalls may be hardware devices, software programs or a combination of the two. A network firewall typically guards an internal LAN against malicious access from the outside.
File Transfer Protocol (FTP) A protocol designed to allow the transfer of files via IP networking.
Functional specification A document that describes in detail what a product must deliver in terms of form, fit, function and performance to satisfy the intended use.
Gateway A device on a network that serves as an entrance to another network. In institutions, the gateway is the computer/device that routes the traffic from a workstation to the outside network that is serving the web pages. In homes, the gateway is the ISP that connects the user to the internet.
H.323 An International Telecommunication Union (ITU, http://www.itu.int) standard defining how audio and visual conferencing data is transmitted across networks.
Hop In computer networking, a hop represents one portion of the path between source and destination, usually between two devices.
HyperText Markup Language (HTML) A markup language used to create web pages. Various instructions and sets of tags define how the HTML page will look.
ICT security policy Version D Sept 2007 The set of laws, rules and practices that regulate how assets, including sensitive information, are managed, protected and distributed.
Identification and authentication The process used to determine and verify a user’s identity, usually consisting of a user ID and password.
Internet Engineering Task Force (IETF) The main standards organisation for the internet.
Internet Message Access Protocol (IMAP) server An email server that sends a copy of a message to a client while retaining the original message on the server.
Infrastructure The physical resources forming the institution’s network.
Institution A place of learning where ICT is being used. In this document, this includes all schools, but is not necessarily limited to the school sector and could, for example, include adult learning institutes.
Integrity The accuracy and completeness of information and processing methods.
Intrusion-detection system (IDS) and intrusion-prevention system (IPS) IDSs and IPSs are products that can analyse certain types of traffic and determine whether the traffic is legitimate traffic or whether it matches a known pattern, indicating that it is an attack. An example might be web (port 80) traffic, which a firewall would typically be configured to allow. An IDS system can look at the traffic and determine that the traffic is an attack and not valid user traffic, based upon the pattern. An IDS product provides an alert if there is invalid traffic, while an IPS product blocks the offending traffic.
Internet Protocol (IP) IP is the world’s most popular network protocol. Data travels over an IP-based network in the form of packets; each IP packet includes both a header (that specifies source, destination and other information about the data) and the message data itself.
IP address The logical address of a network adapter. The IP address uniquely identifies computers on a network. An IP address can be private, for use on a LAN, or public, for use on the internet or other WAN. IP addresses can be determined statically (assigned to a computer by a network manager) or dynamically (assigned by another device on the network on demand).
Layer Two (2) Tunnelling Protocol (L2TP) L2TP is an extension to the PPP protocol that enables ISPs to operate VPNs.
Local authority (LA) The local education authority (LEA) or the local education partnership (LEP) or a similar organisation.
Local area network (LAN) A LAN supplies networking capability to a group of computers in close proximity to each other. A LAN is useful for sharing resources like files, printers and applications. A LAN, in turn, often connects to other LANs and to the internet or other WAN.
Learning platform A generic term covering a variety of different products, all of which support online learning in some way. Learning platforms include delivery via intranets, the internet and third party hosting. Learning platform capabilities vary from systems that provide bespoke learning content or access to third party content only, to systems which provide communications, assessment, tracking and management information system (MIS) interoperability facilities.
Media Access Control (MAC) An addressing and access control protocol that works at layer 2 and provides routing to IP protocol.
Network The institution’s infrastructure, applications, services and data.
OpenDocument OpenDocument is a freely available document format specification approved as an OASIS (Organization for the Advancement of Structured Information Standards) standard and recommended by the European Union for standard file formats and document interchange. The file extensions are .odt for text documents, .ods for spreadsheets, .odp for presentation programs, .odg for graphics and .odb for database applications.
Phishing The act of sending an email to a user, falsely claiming to be an established legitimate organisation, such as the user’s bank, in an attempt to scam the user into surrendering private information that will be used for identity theft. The email directs the user to visit a website that is a physical copy of the legitimate site, where they are asked to update personal information, such as passwords, credit card and bank account numbers that the legitimate organisation already has. The website, however, is bogus and set up only to steal the user’s information.
Post Office Protocol (POP3) A POP3 email server receives email and sends the entire message upon a client’s request. Once received, the message is no longer stored on the server unless specifically instructed to keep a copy.
Port In TCP/IP and UDP networks, a port is an endpoint to a logical connection. The port number identifies what type of port it is.
Power over Ethernet A technology that allows an electrical current to be carried by the data cables rather than by power cables. Described in IEEE 802.3af.
Point-to-Point Protocol (PPP) A method of connecting a computer to the internet.
Point-to-Point Tunnelling Protocol (PPTP) A technology for creating VPNs.
Redundant Array of Independent Drives (RAID) Redundant Array of Independent Drives (or Disks) (RAID) is an umbrella term for data storage schemes that divide and/or replicate data among multiple hard drives. RAID can be designed to provide increased data reliability or increased I/O performance, or both.
Regional broadband consortium (RBC) Consortia of LAs that were originally established to procure cost-effective broadband connectivity for institutions and to promote the development of content for broadband networks. They link to form a National Education Network.
Remote location Any location, such as the student’s home, that is outside of the actual institution network.
Repository A computer resource which is dedicated to the storage of curriculum and/or administration data.
Risk The likelihood of a threat occurring and being successful in exploiting a vulnerability and causing a breach of security.
Router A networking device that connects two or more separate logical subnets, and routes data packets between those subnets by the best route.
RSS RSS is a family of Web-based feed formats used to aggregate frequently updated content such as blog entries, news headlines or podcasts. An RSS enabled document, which is called a “feed”, “web feed”, or “channel”, contains either a summary of content from an associated web site or the full text. RSS allows users to subscribe to feeds, and then aggregate those feeds into a reader so that they have a single point to check for updates.
Security A combination of confidentiality, integrity and availability considerations.
Service Functional deliverables derived from a particular application, typically provided over a network to users.
Secure HyperText Transmission Protocol (S-HTTP) An extension to the HTTP protocol to support sending data securely over the World Wide Web.
Session Initiation Protocol (SIP) An IETF protocol and proposed standard for real-time multimedia interaction, such as video conferencing and instant messaging.
Smartcard A plastic card with an embedded microchip and/or barcode. The microchip can be used for storing information and providing authentication about identity.
Simple Mail Transfer Protocol/Multipurpose Internet Mail Extensions (SMTP/MIME) SMTP defines the message format and the message transfer agent which stores and forwards email. MIME is an encoding method that enables executable programs and multimedia files to be transported with email messages.
Spam Spam is generally regarded as electronic junk mail. Some people define spam even more generally as any unsolicited email. Real spam is generally email advertising a product (often bogus) or website containing unsuitable content, sent to a mailing list or newsgroup. In addition to wasting people’s time with unwanted email, spam also eats up a lot of network bandwidth. Spam is not a security threat as such, but spam techniques are increasingly being used to deliver malicious software. Spam can also be used to launch ‘phishing’ attacks to steal the recipient’s identity or cause financial harm.
Spam filtering Spam filtering can be implemented on the email server or on a separate appliance between the internet and the mail server to try and identify spam; generally, the goal is to eliminate as far as possible false positives (legitimate email misclassified as spam), while also eliminating false negatives (spam that slips past the spam filter).
Spyware Any computer technology that aids in gathering information about a person or organisation without their knowledge. On the internet (where it is sometimes called a spybot or tracking software), spyware is usually a clandestine computer program installed onto a computer to secretly gather information about the user and relay it to advertisers or other interested parties.
Secure Sockets Layer (SSL) A protocol developed for transmitting private documents via the internet. SSL works by using a private key to encrypt data that is transferred over the SSL connection.
Transmission Control Protocol (TCP) One of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
Threat or attack A direct security threat or attack is one aimed at a single institution, such as an individual attempting to hack into an institution’s network. A mass attack is usually a virus or worm that is launched onto the internet, which replicates itself to as many systems as possible, as quickly as possible. Attacks may come from inside or outside an institution.
Transport Layer Security (TLS) A cryptographic security protocol that provides security over the internet. This is often referred to as SSL (although technically it is the successor protocol).
Trojan horse Software programs that are put onto target systems (whether by a direct hack or as the result of a virus or worm) and that have a malicious intent. The Trojan lurks in the background without being detected. It can capture passwords, credit card and bank data or provide root access to the system remotely so that a hacker can take remote control of the PC.
User Datagram Protocol (UDP) A connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error-recovery services, offering instead a direct way to send and receive datagrams over an IP network. It is used primarily for broadcasting messages over a network.
Virtual private network (VPN) A network that allows secure communications over public communication lines to connect institutions and mobile users. A number of systems enable you to create networks using the internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorised users can access the network and that the data cannot be intercepted or altered.
Virus Viruses are generally spread via email messages. Users unknowingly cause the virus to execute as a program on their systems when they click on an attachment that runs the virus program or, with some viruses, just open the email to read it. Virus writers go to great lengths to disguise the fact that the attachment is in fact a virus. They also attempt to spread the virus to users in the victim’s address book.
Virtual local area network (VLAN) A logical area in a computer network where any computer connected to the computer network can directly transmit to any other in the domain without having to go through a routing device.
Voice over Internet Protocol (VoIP) Any technology providing voice telephony over IP. Basically, this involves using the internet for phone calls rather than the existing public phone system.
Vulnerability Vulnerabilities are known (or newly found) security holes that exist in systems and software. In its broadest sense, the term ‘vulnerability’ is associated with some violation of a security policy. This may be due to weak security rules or there may be a problem within the software itself. In practice, all computer systems have vulnerabilities; whether they are serious and need to be addressed depends on whether they are likely to be used to damage the system.
World Wide Web Consortium (W3C) An international consortium of companies involved with the internet and the web, whose purpose is to develop common standards for the evolution of the World Wide Web. It is the chief standards body for HTTP and HTML.
Worm A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer’s resources and possibly shutting the system down. An example of a worm is the Blaster worm, which rapidly spread through the internet in August 2003. The Blaster worm targeted Microsoft-based computers and used a vulnerability in their operating systems.
Extensible Markup Language (XML) A markup language which has two powerful features: it can be used to create other markup languages and it is software and hardware independent. Therefore, if system A uses database X and system B uses database Y, they can exchange and share data if they both also make use of XML.