The process of providing on-line services, including software, storage and infrastructure services, so that the user is separated and insulated from the burden of procuring, managing and maintaining the underlying technical infrastructure. The National Institute of Standards and Technology definition may be found here.
A program that can copy itself in order to propagate in a computer or from computer to computer over a network. Viruses can be benign or malicious and can be used to propagate other forms of malware such as adware or spyware.
Enterprise Cloud – a private cloud operated by a company for its own internal use.
A set of model clauses published by the European Commission to assist in drafting agreements in compliance with Directive 95/46/EC of the European Parliament and the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Federal Information Security Management Act (FISMA)
The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. Additional security guidance documents are being developed in support of the project including NIST Special Publications 800-37, 800-39, and 800-53A. It should be noted that the Computer Security Division continues to produce other security standards and guidelines in support of FISMA. See http://csrc.nist.gov/publications/.
FISMA – Federal Information Security Management Act.
HAAS – Hardware as a service; often used to mean IAAS.
Infrastructure as a service. The delivery of networked services, including storage, software and other services, as a fully functional infrastructure for the user.
Short for Internetwork. The name given to a network of networks all interconnected using the standard Internet Protocol Suite (TCP/IP). People often confuse the Internet with the World Wide Web. However, the World Wide Web, with its hypertext-linked documents, is only one of various technologies that operate on the Internet (Usenet, Archie, Gopher, FTP).
is an internationally accepted Information Security Management System (ISMS) standard. The standard, which was published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), provides certifiable guidelines for assessing information system security.
Open Source Software
Open source software (as an alternative to commercial software) is software whose source code is published and made available to the public, enabling anyone to copy, modify and improve the software.
Open Virtualization Format
DSP0243 Open Virtualization Format (OVF) V1.1.0. Designated as ANSI INCITS 469 2010, this specification describes an open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines.
Platform as a service. An operating system platform and services which are provided over the Internet. Similar to IAAS but includes the ability to host and develop applications on the platform.
Private Cloud – enterprise-specific cloud service accessible only by users with specific access permissions.
Public Cloud – public-access cloud service accessible by the public at large (e.g. Gmail).
SAAS – Software as a service. Software provided over the Internet where the software resides on the remote server.
Statement on Auditing Standards (SAS) No. 70. A widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
A non-standardized marketing term used by various vendors to suggest segregated services which provide a higher level of trust or security than other cloud services.