Acceptable Use Policy (AUP) – A policy that communicates to users what specific uses of computer resources are permitted.
Access – A subject’s ability to perform specific operations on an object, such as a file. Typical access levels include read, write, execute, and delete.
Access Control – Mechanisms or methods used to determine what access permissions subjects (such as users) have for specific objects (such as files).
Acceptance Test-Driven Development (ATDD) – Test-first software development practice in which acceptance criteria for new functionality are created as automated tests. The failing tests are constructed to pass as development proceeds and acceptance criteria are met.
Agile Development Practices – Procedures and techniques used to conduct Agile software development. Although there is no canonical set of Agile practices, most Agile practitioners adopt some subset of Scrum and XP practices. Broadly speaking, any practice or technique that facilitates the values and principles set forth in the Agile Manifesto can be considered an Agile practice.
Agile Manifesto – A philosophical foundation for effective software development, the Agile Manifesto was created by representatives from Extreme Programming, Scrum, DSDM, Adaptive Software Development, Crystal, Feature-Driven Development, Pragmatic Programming, and others who are sympathetic to the need for an alternative to documentation-driven, heavyweight software development processes.
Agile Project Management – The style of project management used to support Agile software development. Scrum is the most widely used Agile project management practice. XP also includes practices that support Agile project management. Essential features of Agile project management include: iterative development cycles, self-organizing teams, multi-level planning, dynamic scope and frequent collaboration with customer and/or business sponsors.
Agile Software Development – The development of software using Agile development practices and Agile project management. Features of Agile software development include a heavy emphasis on collaboration, responsiveness to change, and the reduction of waste throughout the development cycle. Agile software development (ASD) focuses on keeping code simple, testing often, and delivering functional bits of the application as soon as they’re ready.
Alignment – Includes any actions or policies that exist so that a process or activity in one section of the organization is congruent with the organization’s or business unit’s governing mission. See Business/IT Alignment.
ALM – See Application Lifecycle Management
Annualized loss expectancy (ALE) – How much an event is expected to cost the business per year, given the dollar cost of the loss and how often it is likely to occur. ALE = single loss expectancy × annualized rate of occurrence.
Annualized rate of occurrence (ARO) – The frequency with which an event is expected to occur on an annualized basis.
Anomaly – Something that does not fit into an expected pattern.
Application Lifecycle Management (ALM) – A continuous process of managing the life of an application through governance, development and maintenance. When Agile software development is introduced into an organization it generally requires substantial changes in the organization’s ALM tools and policies, which are typically designed to support alternative methodologies such as Waterfall.
Asset – A resource or information that an organization needs to conduct its business.
Asset Value (AV) – The value of an asset that is at risk.
ATDD – See Acceptance Test-Driven Development
Audit Trail – A set of records or events, generally organized chronologically, that records what activity has occurred on a system. These records (often computer files) are often used in an attempt to re-create what took place when a security incident occurred, and they can also be used to detect possible intruders.
Audit – Actions or processes used to verify the assigned privileges and rights of a user, or any capabilities used to create and maintain a record showing who accessed a particular system and what actions they performed.
Backlog – A collection of stories and tasks the Sprint team will work on at some point in the future. Either the Product Owner has not prioritized them or has assigned them lower priority.
Backlog Grooming – Backlog grooming is the process of adding new user stories to the backlog, re-prioritizing existing stories as needed, creating estimates, and deconstructing larger stories into smaller stories or tasks. Rather than grooming the backlog sporadically throughout an iteration, the team may hold a backlog grooming session once per iteration. Scrum Alliance founder Ken Schwaber recommends that teams allocate 5% of their time to revisiting and tending to the backlog.
Backlog Item – A unit of work, usually a story or a task, listed on the project backlog.
BDD – See Behavior Driven Development.
Behavior Driven Development (BDD) – Agile software development practice adding to TDD the description of the desired functional behavior of the new functionality.
Big Visible Charts – Big visible charts are exactly what you would think they would be: Big charts posted near the agile team that describe in different ways the team’s progress. Big visible charts not only can be useful tools for the team but also make it easier for any stakeholder to learn how the team is progressing. Big visible charts are an important tool for implementing the essential agile values of transparency and communication.
Breaking the Build – When a developer adds changes to the source code repository that result in the failure of a subsequent build process, the developer has “broken the build.”
Bring Your Own Device (BYOD) – A term used to describe an environment where users bring their personally owned devices into the enterprise and integrate them into business systems.
Build – Measure – Learn – The rapid experiment and learning cycle in LSU that permits us to rapidly validate assumptions and potentially fail fast.
Build Process – The process of creating the application program for a software release by taking all the relevant source code files, compiling them, and then creating build artifacts such as binaries or executable programs.
Burndown Chart – A publicly displayed chart that depicts the total task hours remaining per day. It shows where the team stands regarding completing the tasks that comprise the backlog items that achieve the goals of the sprint.
Burnup Chart – Representation of the number of stories completed, with points plotted on an X and Y axis that map an upward trend of work completed until reaching 100%.
Business Availability Center (BAC) – A software platform that allows the enterprise to optimize the availability, performance, and effectiveness of business services and applications.
Business Continuity Plan (BCP) – The plan a business develops to continue critical operations in the event of a major disruption.
Business Impact Analysis (BIA) – An analysis of the impact to the business of a specific event.
Business Partnership Agreement (BPA) – A written agreement defining the terms and conditions of a business partnership.
Business Value – An informal term that includes all forms of value that determine the health and well-being of the firm in the long run.
Business/IT Alignment – Includes any actions or policies that exist so that a process or activity in one section of the organization is congruent with the organization’s or business unit’s governing mission. See Alignment.
BVC – See Big Visible Charts.
BYOD – See bring your own device.
Capability Maturity Model (CMM) – A structured methodology helping organizations improve the maturity of their software processes by providing an evolutionary path from ad hoc processes to disciplined software management processes. Developed at Carnegie Mellon University’s Software Engineering Institute.
Certified ScrumMaster – Someone who is acting in the role of ScrumMaster on a Scrum Team and who has attended a two-day Certified ScrumMaster (CSM) class to obtain certification.
Change (Configuration) Management – A standard methodology for performing and recording changes during software development and operation.
Change Control Board (CCB) – A body that oversees the change management process and enables management to oversee and coordinate projects.
Choose your own device (CYOD) – A mobile device deployment methodology where each person chooses their own device type.
Collective Code Ownership – A software development principle popularized by Extreme Programming holding that all contributors to a given codebase are jointly responsible for the code in its entirety.
Configuration Auditing – The process of verifying that configuration items are built and maintained according to requirements, standards, or contractual agreements.
Configuration Control – The process of controlling changes to items that have been baselined.
Configuration Identification – The process of identifying which assets need to be managed and controlled.
Configuration Item – Data and software (or other assets) that are identified and managed as part of the software change management process. Also known as computer software configuration items.
Configuration Status Accounting – Procedures for tracking and maintaining data relative to each configuration item in the baseline.
Content Management System (CMS) – A management system to manage the content for a specific system, such as a website.
Contingency Planning (CP) – The act of creating processes and procedures that are used under special conditions (contingencies).
Continuity Of Operations Planning (COOP) – The creation of plans related to continuing essential business operations after any major disruption.
Continuous Delivery – A software delivery practice similar to Continuous Deployment except a human action is required to promote changes into a subsequent environment along the pipeline.
Continuous Deployment – A software delivery practice in which the release process is fully automated in order to have changes promoted to the production environment with no human intervention.
Continuous Integration – Continuous Integration (CI) is an Extreme Programming (XP) practice where members of a delivery team frequently integrate their work (e.g. hourly, or at least once daily). Each integration is verified by an automated build, which also performs testing, to detect any integration errors quickly and automatically.
COOP – See Continuity Of Operations Planning.
Corporate Owned, Personally Enabled (COPE) – A form of mobile device ownership/management.
Cross-Functional Team – Team comprised of members with all functional skills and specialties necessary to complete a project from start to finish.
Cross-Site Request Forgery (CSRF or XSRF) – A method of attacking a system by sending malicious input to the system and relying upon the parsers and execution elements to perform the requested actions, thus instantiating the attack. XSRF exploits the trust a site has in the user’s browser.
Cross-Site Scripting (XSS) – A method of attacking a system by sending script commands to the system input and relying upon the parsers and execution elements to perform the requested scripted actions, thus instantiating the attack. XSS exploits the trust a user has for the site.
Customer – The recipient of the output (product, service, information) of a process. Customers may be internal or external to the organization. The customer may be one person, a department, or a large group. Internal customers (outside of Information Technology) are sometimes called the “Business.”
Daily Scrum/Daily Standup – A daily time-boxed event of 15 minutes, or less, for the Development Team to re-plan the next day of development work during a Sprint. The ‘semi-real-time’ status allows participants to know about potential challenges as well as coordinate efforts to resolve difficult and/or time-consuming issues. Updates are reflected in the Sprint Backlog.
Decision Tree – A data structure in which each element is attached to one or more structures directly beneath it.
Definition of Done (DOD) – The criteria for accepting work as completed. Specifying these criteria is the responsibility of the entire team, including the business.
Design Pattern – A design pattern is a general reusable solution to a commonly occurring problem in software design.
Developer – Any member of a Development Team, regardless of technical, functional or other specialty.
Development Team – The role within a Scrum Team accountable for managing, organizing and doing all development work required to create a releasable Increment of product every Sprint.
DevOps – An organizational concept serving to bridge the gap between development and operations, in terms of skills, mind-set, practices and silo-mentality. The underlying idea is that developers are aware of, and in daily work consider implications on operations, and vice versa.
Disaster Recovery Plan (DRP) – A written plan developed to address how an organization will react to a natural or manmade disaster in order to ensure business continuity. Related to the concept of a business continuity plan (BCP).
Distributed Development Team – Refers to development teams that work on the same project but are located across multiple geographic locations or work sites. Agile development is more difficult for distributed teams and generally requires that special practices are adopted to mitigate the inherent risks of distributed development.
DOD – See Definition of Done.
Domain in IT – A domain is a group of directly connected computers and/or workgroups, comprising combined systems, servers and workgroups. Multiple server types – such as Web, database and print – may exist in one domain, depending on network requirements.
Domain Model in Agile – Agile project practitioners engage in a number of tasks in the course of working on projects in an Agile environment. These tasks have been delineated and organized into six major domains of practice.
Don’t repeat yourself (DRY) – Software development principle to avoid repetition of the same information in one system, preventing the same code from being produced multiple times on a code base.
DRP – See disaster recovery plan.
DRY – See Don’t repeat yourself.
Emergence – The process of the coming into existence or prominence of new facts or new knowledge of a fact, or knowledge of a fact becoming visible unexpectedly.
Empiricism – Process control type in which only the past is accepted as certain and in which decisions are based on observation, experience and experimentation. Empiricism has three pillars: transparency, inspection and adaptation.
Engineering Standards – A shared set of development and technology standards that a Development Team applies to create releasable Increments of software.
Epic – A very large user story that is eventually broken down into smaller stories. Epics are often used as placeholders for new ideas that have not been thought out fully or whose full elaboration has been deferred until actually needed. Epic stories help agile development teams effectively manage and groom their product backlog.
Estimation – The process of agreeing on a size measurement for the stories or tasks in a product backlog. On agile projects, estimation is done by the team responsible for delivering the work, usually using a planning game.
Exposure Factor (EF) – A measure of the magnitude of loss of an asset. Used in the calculation of single loss expectancy (SLE).
Extreme Programming (XP) – A software development methodology adhering to a very iterative and incremental approach, Extreme Programming is intended to improve software quality and responsiveness to changing customer requirements.
Fail-Fast – A property of a system or module with respect to its response to failures. A fail-fast system is designed to immediately report at its interface any failure or condition that is likely to lead to failure.
Feature – A coherent business function or attribute of a software product or system. Features are large and chunky and usually comprise many detailed (unit) requirements. A single feature typically is implemented through many stories. Features may be functional or non-functional; they provide the basis for organizing stories.
Feature Toggle – Software development practice that allows dynamically turning (parts of) functionality on and off without impacting the overall accessibility of the system by its users.
Fibonacci Sequence – A sequence of numbers in which the next number is derived by adding together the previous two (e.g. 1, 2, 3, 5, 8, 13, 21, 34…). The sequence is used to size stories in Agile estimation techniques such as Planning Poker.
Flow – Continuous delivery of value to customers (vs. big-batch, big-release, big-bang).
Forecast (of functionality) – The selection of items from the Product Backlog a Development Team deems feasible for implementation in a Sprint.
Impediment – Anything that prevents a team member from performing work as efficiently as possible is an impediment.
Incident Response – The process of responding to, containing, analyzing, and recovering from a computer-related incident.
Incident Response Plan (IRP) – The plan used in responding to, containing, analyzing, and recovering from a computer-related incident.
Infrastructure as a Service (IaaS) – The automatic, on-demand provisioning of infrastructure elements, operating as a service; a common element of cloud computing.
Inspect and Adapt – “Inspect and Adapt” is a slogan used by the Scrum community to capture the idea of discovering, over the course of a project, emergent software requirements and ways to improve the overall performance of the team. It neatly captures both the concept of empirical knowledge acquisition and feedback-loop-driven learning.
Instant Messaging (IM) – A text-based method of communicating over the Internet.
Intangible Asset – An asset for which a monetary equivalent is difficult or impossible to determine. Examples are brand recognition and goodwill.
Iteration – A period during which the Agile development team produces an increment of completed software. All system lifecycle phases must be completed during the iteration and then demonstrated for the iteration to be accepted as successfully completed.
Internet of Things (IoT) – The networking of large numbers of devices via the Internet to achieve a business purpose.
IT Contingency Plan (ITCP) – The plan used to manage contingency operations in an IT environment.
Kanban – Kanban is a tool derived from lean manufacturing and is associated with the branch of agile practices loosely referred to as Lean Software Development.
Lean Software Development – Principles focused on reducing waste and optimizing the software production value stream.
Mean Time Between Failures (MTBF) – The statistically determined period of time between failures of the system.
Mean Time To Failure (MTTF) – The statistically determined time to the next failure.
Mean Time To Repair/Recover (MTTR) – A common measure of how long it takes to repair a given failure. This is the average time, and may or may not include the time needed to obtain parts.
Memorandum Of Agreement (MOA) – A document executed between two parties that defines some form of agreement.
Memorandum Of Understanding (MOU) – A document executed between two parties that defines some form of agreement.
Minimum Marketable Features (MMF) – A small, self-contained feature that can be developed quickly and that delivers significant value to the user.
Minimum Viable Product (MVP) – Potentially confusing, the strict Lean Startup definition is the smallest thing we can test to enable one cycle of the build – measure – learn loop. This is distinct from a Minimum Marketable Feature (MMF), which is the smallest thing that delivers user value.
Mitigation – Action taken to reduce the likelihood of a threat occurring.
MMF – See Minimum Marketable Features.
Monitoring as a Service (MaaS) – The use of a third party to provide security monitoring services.
MTBF – See mean time between failures.
MTTF – See mean time to failure.
MTTR – See mean time to repair.
MVP – See Minimum Viable Product.
NDA – See non-disclosure agreement.
Non-Disclosure Agreement (NDA) – A legal contract between parties detailing the restrictions and requirements borne by each party with respect to confidentiality issues pertaining to information to be shared.
Pair programming – One of the original 12 Extreme Programming (XP) practices. As counter-intuitive as it may seem to the uninitiated, pair programming is more productive than two individuals working independently on separate tasks.
Personal Electronic Device (PED) – A term used to describe an electronic device, owned by the user and brought into the enterprise, that uses enterprise data. This includes laptops, tablets, and mobile phones, to name a few.
Personal Health Information (PHI) – Information related to a person’s medical records, including financial, identification, and medical data.
Planning Game – In XP, the planning game includes iteration (or sprint) planning and release planning. In scrum, sprint and release planning are two of the five levels of planning used in Agile projects.
Planning Poker – Planning Poker is a consensus-based technique for estimating, mostly used to estimate effort or relative size of tasks in software development.
Platform as a Service (PaaS) – A third-party offering that allows customers to build, operate, and manage applications without having to manage the underlying infrastructure.
Preventive – Intended to avoid an incident from occurring.
Product – Broadly speaking, product refers to a collection of tangible and intangible features that are integrated and packaged into software releases that offer value to a customer or to a market.
Product Backlog – A collection of stories and tasks the Sprint team will work on at some point in the future. Either the Product Owner has not prioritized them or has assigned them lower priority. See Backlog.
Product Backlog Refinement – The activity in a Sprint through which the Product Owner and the Development Team add granularity to the Product Backlog.
Product Owner – One of the key roles in Scrum. The product owner is the primary business representative who represents the business stakeholders’ “voice of the customer” and the “voice of the business” to the sprint team.
Product Vision – A product vision is a brief statement of the desired future state that would be achieved through the project initiative.
Quantitative Risk Assessment – The process of objectively determining the impact of an event that affects a project, program, or business. It usually involves the use of metrics and models to complete the assessment.
Rapid Application Development (RAD) – A software development methodology that favors the use of rapid prototypes and changes as opposed to extensive advanced planning.
Release (Software) – The act of moving a product/service from the development phase into the release phase as soon as a minimum marketable feature set can be delivered, and then proceeding with frequent incremental releases.
Release Plan – The release plan is a schedule for releasing software into productive use. Typical release plans include the key features to be delivered, along with corresponding release dates. Release plans may also expose key milestones or dependencies that parallel project activities. In agile development, release plans can be mapped back to the iterations (or sprints) that implement the released features.
Release Planning – Release planning refers to planning activities used to estimate when software will be released into productive use.
Retrospective – A timeboxed meeting held at the end of an iteration, or at the end of a release, in which the team examines its processes to determine what succeeded and what could be improved.
Return On Investment (ROI) – A measure of the effectiveness of the use of capital.
Risk – The possibility of suffering a loss.
Risk Assessment or Risk Analysis – The process of analyzing an environment to identify the threats, vulnerabilities, and mitigating actions to determine (either quantitatively or qualitatively) the impact of an event affecting a project, program, or business.
Risk Management – Overall decision-making process of identifying threats and vulnerabilities and their potential impacts, determining the costs to mitigate such events, and deciding what cost-effective actions can be taken to control these risks.
Scrum – A framework to support teams in complex product development. Comprised of a series of short iterations – called sprints – each of which ends with the delivery of an increment of working software.
Scrum Guide™ – The definition of Scrum, written and provided by Ken Schwaber and Jeff Sutherland, co-creators of Scrum. This definition consists of Scrum’s roles, events, artifacts, and the rules that bind them together.
Scrum Master – The ScrumMaster is responsible for maintaining the Scrum process and the overall health of the team.
Scrum Team – A cross-functional group that is responsible for delivering the software or product.
Self-Organization – A property of the agile development team, which autonomously organizes over time, rather than being ordered by an external force such as a project or development manager.
Service Level Agreement (SLA) – An agreement between parties concerning the expected or contracted uptime associated with a system.
Single Loss Expectancy (SLE) – Monetary loss or impact of each occurrence of a threat. SLE = asset value × exposure factor.
Software as a Service (SaaS) – The provisioning of software as a service, commonly known as on-demand software.
Sprint – The Scrum term for an iteration. It is a time-boxed event of 30 days, or less, that serves as a container for the other Scrum events and activities. Sprints are done consecutively, without intermediate gaps.
Sprint Backlog – An overview of the development work to realize a Sprint’s goal, typically a forecast of functionality and the work needed to deliver that functionality.
Sprint Planning Meeting – Each sprint begins with a two-part sprint planning meeting, the activity that prioritizes and identifies stories and concrete tasks for the next sprint.
Sprint Retrospective – See Retrospective.
Sprint Review – A meeting held at the end of each sprint in which the Scrum team shows what they accomplished during the sprint; typically this takes the form of a demo of the new features.
Stakeholder – A person external to the Scrum Team with a specific interest in and knowledge of a product that is required for incremental discovery. Represented by the Product Owner and actively engaged with the Scrum Team at Sprint Review.
Standup Meeting – See Daily Scrum/Daily Standup.
Story (User) – A requirement, feature and/or unit of business value that can be estimated and tested. Stories describe work that must be done to create and deliver a feature for a product.
Tangible Asset – An asset for which a monetary equivalent can be determined. Examples are inventory, buildings, cash, hardware, software, and so on.
Task – Tasks are descriptions of the actual work that an individual or pair does in order to complete a story.
Task Board – A chart that presents, at minimum, “to do”, “in progress”, and “done” columns for organizing a team’s work.
TDD – See Test-Driven Development.
Team – In agile software development, the team refers to the cross-functional group of people that have made a collective commitment to work together to produce the work product and improve their performance over time. In addition to software development and test roles, the team may include any skill set necessary to deliver the work product.
Test Automation – Frequently used to automate unit tests, integration tests, and functional tests.
Test-Driven Development (TDD) – Test-first software development practice in which test cases are defined and created first, and subsequently executable code is created to make the tests pass. The failing tests are constructed to pass as development proceeds and tests succeed. Kent Beck is credited with having invented TDD, one of the original 12 XP practices.
Timebox – A timebox is a time period of fixed length allocated to achieve some objective. In agile development, iterations and sprints are examples of timeboxes that limit work in process and stage incremental progress. Timeboxes are often used to avoid over-investing in tasks such as estimating development tasks.
Unit Testing – A low-level technical test focusing on small parts of a software system that can be executed fast and in isolation. Comprehensive unit test coverage is an important part of software integrity and should be automated to support the incremental delivery requirements of agile software development teams. In most cases, unit testing is the responsibility of the developer.
Usage Auditing – The process of recording who did what and when on an information system.
User Acceptance Testing (UAT) – The application of acceptance-testing criteria to determine fitness for use according to end-user requirements.
User ID – A unique alphanumeric identifier that identifies individuals who are logging in or accessing a system.
User Story – A requirement, feature and/or unit of business value that can be estimated and tested. Stories describe work that must be done to create and deliver a feature for a product. See Story (User).
Velocity – Measures how much work a team can complete in an iteration. It is also used to measure how long it will take a particular team to deliver future outcomes by extrapolating on the basis of its prior performance.
Video Teleconferencing (VTC) – A business process of using video signals to carry audio and visual signals between separate locations, thus allowing participants to meet via a virtual meeting instead of traveling to a physical location. Modern videoconferencing equipment can provide very realistic connectivity when lighting and backgrounds are controlled.
Voice of the Customer (VOC) – A term used in business and Information Technology (through ITIL) to describe the in-depth process of capturing a customer’s expectations, preferences, and aversions.
WIP – See Work in Process or Work in Progress.
Work in Process or Work in Progress (WIP) – Any work that has not been completed but that has already incurred a capital cost to the organization. Any software that has been developed but not deployed to production can be considered a work in progress.
XP – See Extreme Programming.