I believe that defining terms to add into a glossary section of the IT Professional Toolkit will be useful in my professional career. Since many terms will be gathered together in one place it will make searching for information quicker and easier. It will also make it easier to recall information that I have already learned when I reference the familiar material.
Access Control Policies – According to CSRC and NIST, “are high-level requirements that specify how access is managed and who may access information under what circumstances.” [1]
Benchmarking – According to Wikipedia, “benchmarking is the practice of comparing business processes and performance metrics to industry bests and best practices from other companies. Dimensions typically measured are quality, time and cost.” [2]
Business – IT Strategy Alignment – According to CIO Index, “Business IT Alignment is a discipline that matches IT strategy with business strategy with the goal of maximizing value created by the enterprise. An IT Strategy is crafted in response to a Business Strategy and sometimes drives changes in business strategy.” [3]
Business Model – According to Wikipedia, “a business model describes the rationale of how an organization creates, delivers, and captures value, in economic, social, cultural or other contexts. The process of business model construction and modification is also called business model innovation and forms a part of business strategy.” [4]
Business Policy – According to Wikipedia, “a policy is a deliberate system of principles to guide decisions and achieve rational outcomes.” [5]
Business Strategy – According to CIO Index, “a business strategy is the means by which an organization sets out to achieve its desired objectives. It can simply be described as long-term business planning.” [3]
Competitive Advantage – According to Twin, A., Anderson, S., & Investopedia, this “refers to factors that allow a company to produce goods or services better or more cheaply than its rivals. These factors allow the productive entity to generate more sales or superior margins compared to its market rivals.” [6]
Enterprise Architecture – According to CIO Index, “enterprise architecture is a holistic, hierarchical, and abstract description of the essential elements of an organization to maximize shareholder value over time.” [7]
Fact Sheet (aka Cheat Sheet), e.g., NIST Financial Sector Access Rights Management: https://www.nccoe.nist.gov/sites/default/files/library/fact-sheets/fs-arm-fact-sheet.pdf – According to NCCoE and NIST, “the goal of this use case is to demonstrate ways to link the management of existing disparate identity and access mechanisms and systems into a comprehensive identity and access management (IDAM) solution. This will enable financial sector entities to centrally issue, validate, and modify or revoke access rights for their entire enterprise based on easy-to-understand business rules.” [8]
Framework – According to the Cambridge Dictionary, a framework refers to “the ideas, information, and principles that form the structure of an organization or plan.” [9]
Fundamentals of Scientific Management – According to Wikipedia, The Principles of Scientific Management (which were published by Frederick Winslow Taylor in 1911) “argued that the principal object of management should be to secure the maximum prosperity for the employer, coupled with the maximum prosperity for each employee. He argued that the most important object of both the employee and the management should be the training and development of each individual in the establishment, so that he can do the highest class of work for which his natural abilities fit him. Taylor demonstrated that maximum prosperity can exist only as the result of maximum productivity, both for the shop and individual, and rebuked the idea that the fundamental interests of employees and employers are necessarily antagonistic.” [10]
Governance – According to Wikipedia, “Governance is the way rules, norms and actions are structured, sustained, regulated and held accountable.” [11]
Governance, Risk Management and Compliance (GRC) – is a term that refers to how a business approaches these specific practices. According to Wikipedia, “governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity.” [12]
Government Regulation, e.g., FERPA, GLBA or HIPAA – According to Wikipedia, “in government, typically regulation means stipulations of the delegated legislation which is drafted by subject-matter experts to enforce primary legislation; in business, industry self-regulation occurs through self-regulatory organizations and trade associations which allow industries to set and enforce rules with less government involvement.” [13]
Information Policy – According to Wikipedia, “is the set of all public laws, regulations and policies that encourage, discourage, or regulate the creation, use, storage, access, and communication and dissemination of information. It thus encompasses any other decision-making practice with society-wide constitutive efforts that involve the flow of information and how it is processed.” [14]
IT Best Practice – a set of IT processes or procedures that are generally accepted by the IT community as being the best way to do something.
IT Capability – According to CIO Wiki, “refers to an organization’s ability to identify IT meeting business needs, to deploy IT to improve business process in a cost-effective manner, and to provide long-term maintenance and support for IT-based systems.” [15]
IT Community of Practice – According to wenger-trayner.com, “communities of practice are groups of people who share a concern or a passion for something they do and learn how to do it better as they interact regularly” (Etienne, & Beverly Wenger-Trayner). This can be applied to the IT profession. [16]
IT Framework – the supporting IT system or concept which allows IT functionality.
IT Governance – According to Kennesaw State University’s IT7833 course material, “IT governance processes are used by the organization to measure and ensure IT contributes to organizational value with minimal cost, continuous improvement and controlled risks.” [17]
IT Governance Framework – According to CIO Wiki, “There are three widely recognized, vendor-neutral, third-party frameworks that are often described as 'IT governance frameworks'. While on their own they are not completely adequate to that task, each has significant IT governance strengths:
ITIL®: ITIL, or IT Infrastructure Library®, was developed by the UK's Cabinet Office as a library of best-practice processes for IT service management. Widely adopted around the world, ITIL is supported by ISO/IEC 20000:2011, against which independent certification can be achieved. On our ITIL page, you can access a free briefing paper on ITIL, IT service management and ISO 20000.
COBIT®: Control Objectives for Information and Related Technology (COBIT) is an IT governance control framework that helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals. COBIT is an internationally recognised framework. In particular, COBIT's Management Guidelines component contains a framework for the control and measurability of IT by providing tools to assess and measure the enterprise’s IT capability for the 37 identified COBIT processes.
ISO 27002: ISO 27002 (supported by ISO 27001), is the global best-practice standard for information security management in organisations.” [18]
IT Policy – is a set of systematic guidelines that provide a path to achieve IT goals.
IT Policy Framework – According to Wikipedia, “a policy framework is a document that sets out a set of procedures or goals, which might be used in negotiation or decision-making to guide a more detailed set of policies, or to guide ongoing maintenance of an organization's policies.” This could refer to a security policy framework, the NIST Cybersecurity Framework, or other IT policy frameworks. [19]
IT Professional Ethics – the personal and industry standard for ethics of IT professionals.
IT Professional – someone who earns a living through the use of computers and the internet of things and is responsible for their continued functionality in order to produce value for the organizations through which they are employed.
IT Professional Tool Kit – a set of tools for an IT Professional.
IT Risk Management – According to Wikipedia, “is a recurrent activity that deals with the analysis, planning, implementation, control, and monitoring of implemented measurements and the enforced security policy.” [20]
IT Strategy – a repetitive process that aims to align IT capability with business requirements and thus creates shareholder value.
IT Subject Matter Expert or IT-SME – an IT-SME is someone who specializes in a certain IT area and is knowledgeable about that particular area of IT; examples include someone who is an Enterprise IT Management SME or an IT Security SME.
NIST Cybersecurity Framework – According to Wikipedia, “provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.” [21]
Standard – According to the State of Georgia, a standard is “a prescribed or proscribed specification, approach, directive, procedure, solution, methodology, product or protocol which must be followed.” [22]
SWOT Analysis – According to Wikipedia, a “SWOT analysis (or SWOT matrix) is a strategic planning technique used to help a person or organization identify strengths, weaknesses, opportunities, and threats related to business competition or project planning.” [23]
The Balanced Scorecard – According to Kennesaw State University’s IT7833 course material, “is a tool to monitor and govern an organization’s activities, including IT.” [17]
The IT Profession – occupation of someone who uses computers and the internet of things in order to provide value.
Transaction Costs – According to Wikipedia, “are the total costs of making a transaction, including the cost of planning, deciding, changing plans, resolving disputes, and after-sales.” [24]
Value Chain – According to Wikipedia, “a value chain is a set of activities that a firm operating in a specific industry performs in order to deliver a valuable product (i.e., good and/or service) for the market.” [25]
Value Creation (Contribution to the Business) – According to Advameg, Inc., “value creation is the primary aim of any business entity. Creating value for customers helps sell products and services, while creating value for shareholders, in the form of increases in stock price, insures the future availability of investment capital to fund operations.” [26]