Trustworthy Information Systems Handbook: Section 10
1. The quality of being responsible, answerable; the obligation to report, explain, or justify an event or situation.
1. "The values, evidential and/or informational that justify the continuing retention of records as archives." (l)
1. "the process of creating a backup copy of computer files, especially for long-term storage." (i)
1. "A form of cryptosystem in which encryption and decryption are performed using two different keys, one of which is referred to as the public key and one of which is referred to as the private key. Also known as public-key encryption." (a)
1. "A record showing who has accessed a computer system and what operations he or she has performed during a given period of time." (b)
1. "A process used to verify the integrity of transmitted data, especially a message." (a)
2. "The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual." (b)
3. "the process of confirming an asserted identity with a specified, or understood, level of confidence. The mechanism can be based on something the user knows, such as a password, something the user possesses, such as a ‘smart card,’ something intrinsic to the person, such as a fingerprint, or a combination of two or more of these." (h)
1. Authenticity is a function of a record's preservation and is a measure of a record's reliability over time.
1. "To copy files to a second medium . . . as a precaution in case the first medium fails." (b)
1. "A substitute or alternative. The term backup usually refers to a disk or tape that contains a copy of data." (b)
1. An authentication technique relying on measurable physical characteristics of the user that can be automatically checked. An example is a fingerprint scanner. (b)
1. "Symbols, or representations, of facts or ideas that can be communicated, interpreted, or processed by manual or automated means." (i)
1. A computer-based information system that is home for "secondhand" data that originated from either another application or from an external system or source. A data warehouse is a read-only, integrated database designed to answer comparative and "what if" questions. Unlike operational databases that are set up to handle transactions and that are kept up to date as of the last transaction, a data warehouse is analytical, subject-oriented and structured to aggregate transactions as a snapshot in time.
1. A diagram that shows the various subjects about which information is stored, and the relationships between those subjects.
1. Data Issues Group for Information Technology. A Minnesota state government group formed in 1997 as a subcommittee of the Information Policy Council (IPC). Comprised of staff from state agencies and related organizations with an interest in data administration, data modeling, and database administration, DIG-IT's goal was promoting the importance of data as a vital state asset requiring management of its creation, use, storage, dissemination, documentation, and disposition by sharing collective experiences and expertise. DIG-IT ceased meeting in 2003.
1. "Describes any system based on discontinuous data or events. Computers are digital machines because at their most basic level they can distinguish between just two values, 0 and 1, or off and on. There is no simple way to represent all the values in between, such as 0.25. All data that a computer processes must be encoded digitally, as a series of zeroes and ones." (b)
1. "An authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The signature guarantees the source and integrity of the message." (a)
2. "In Minnesota, a digital signature is defined to be an asymmetric cryptosystem. . . . A digital signature is a reliable electronic method of signing electronic documents that provides the recipient with a way to verify the sender, determine that the content of the document has not been altered since it was signed, and prevent the sender from repudiating the fact that he or she signed and sent the electronic document. A digital signature is made up of a key pair consisting of a private key and a public key. . . . A signature looks like a random series of numbers and alphabetical characters. Each signature is unique because it uses the content of the electronic document to create the character string." (c)
1. "An unexpected occurrence inflicting widespread destruction and distress and having long-term adverse effects on agency operations. Each agency defines what a long-term adverse effect is in relation to its most critical program." (i)
1. "The act or process of substantiating by recording actions and/or decisions." (i)
2. "Records required to plan, develop, operate, maintain, and use electronic records. Included are systems specifications, file specifications, codebooks, file layouts, user guides, and output specifications." (i)
1. "Refers to actions that take place at the moment they are needed rather than in advance." (b)
1. "Of, or relating to, technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities." (e)
1. "An electronic document is any document generated or stored on a computer. An electronic document may be an e-mail message, a contract, a purchase order, a letter or some other type of document. An electronic document can also be an image such as a blueprint, survey plat, drawing or photograph." (c)
2. "Recorded information that is recorded in a form that requires a computer or other machine to process it. Includes word processing documents; electronic mail messages; . . . Internet and intranet postings; numerical and textual spreadsheets and databases; electronic files; optical images; software; and information systems." (i)
1. "A record created, generated, sent, communicated, received, or stored by electronic means." (e)
1. "A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria." (b)
1. "The shape, size, style, and general makeup of a particular record." (i)
1. "A printout of data stored in a computer. It is considered hard because it exists physically on paper, whereas a soft copy exists only electronically." (b)
1. Data, text, images, sounds, codes, computer programs, software, databases, etc. (e)
Information Policy Council (IPC)
1. Organized by statute, the IPC is charged with encouraging "cooperation and collaboration among state and local governments in developing intergovernmental communication and information systems" in Minnesota (Chapter 202, Article 3, Section 7, Subdivision 3, 1997). Its membership consists of commissioner-level staff and Chief Information Officers of state agencies and constitutional offices.
1. "An electronic system for creating, generating, sending, receiving, storing, displaying, or otherwise processing information." (e)
2. "The organized collection, processing, transmission, and dissemination of information in accordance with defined procedures, whether automated or manual. . . . Most often refers to a system containing electronic records, which involves input or source documents, records on electronic media, and output records, along with related documentation and any indexes." (i)
1. Any apparatus, such as a keyboard, that allows data to be fed or entered into a computer. (b)
1. A decentralized global network connecting millions of computers.
1. "A network . . . belonging to an organization . . . accessible only by the organization's members, employees, or others with authorization. An intranet's Web sites look and act just like any other Web sites, but the firewall surrounding an intranet fends off unauthorized access." (b)
1. "An application in which a company or organization has already invested considerable time and money." (b)
1. To enter information before gaining access to a computer system. At the minimum, log-in typically requires a username and password.
1. Data about data.
2. "The description of the data resources, its characteristics, location, usage, and so on. Metadata is used to identify, describe, and define user data." (i)
1. "Any form containing greatly reduced images, or microimages, usually on microfilm. Roll, or generally serialized, microforms include microfilm on reels, cartridges, and cassettes. Flat, or generally unitized, microforms include microfiche, microfilm jackets, aperture cards, and microcards, or micro-opaques." (i)
1. The process of moving computer files from one information system or medium to another.
1. "In disposal scheduling, the copy of the record held by the office of record. Any other copies of the record can then be destroyed whenever they are no longer required." (l)
1. Any machine capable of representing information from a computer, including display screens, printers, plotters, and synthesizers. (b)
1. "A character string used to authenticate an identity. Knowledge of the password and its associated user ID is considered proof of authorization to use the capabilities associated with that user ID." (a)
See Archival Value.
1. "The private key is the part of the key pair that is used by the person to sign an electronic document. It must be kept secure as it is the identity of the person in the electronic environment." (c)
2. "One of the two keys used in an asymmetric encryption system. For secure communication, the private key should be known only to its creator." (a)
1. "The public key is the part of the key pair used by the recipient of an electronic document to verify the signature. It is maintained on the certificate issued by the certification authority." (c)
2. "One of the two keys used in an asymmetric encryption system. The public key is made public, to be used in conjunction with a corresponding private key." (a)
1. "Information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form." (e)
2. Information created or received during the course of government business that becomes part of an official transaction.
3. "All cards, correspondence, discs, maps, memoranda, microfilms, papers, photographs, recordings, reports, tapes, writings and other data, information or documentary material, regardless of physical form or characteristics, storage media or conditions of use, made or received by an officer or agency of the state and an officer or agency of a county, city, town, school district, municipal subdivision or corporation or other public authority or political entity within the state pursuant to state law or in connection with the transaction of public business by an officer or agency." Excluding "data and information that does not become part of an official transaction, library and museum material made or acquired and kept solely for reference or exhibit purposes, extra copies of documents kept only for convenience of reference and stock of publications and processed documents, and bonds, and coupons, or other obligations or evidence of indebtedness, the destruction or other disposition of which is governed by other laws." (g)
1. Reliability is the measure of a record's authority and is determined solely by the circumstances of the record's creation.
1. Media, such as tapes, floppy disks, and CD ROMs, that can be physically removed from the computer environment.
1. "The period of time, usually based on an estimate of the frequency of current and future use, and taking into account statutory and regulatory provisions, that records need to be retained before their final disposal." (l)
1. A plan for the management of records including a list of record series, coverage dates, locations, formats, volume, data practices classifications, and retention periods.
1. A component of risk management that evaluates risks (the possibility of incurring loss or injury), examining the probability of loss or injury occurring, then determining the amount of risk that is acceptable for a given situation or event; a prioritization of risks.
1. The destruction of evidence.
1. A device capable of storing data such as disk drives and tape drives. (b)
System Development Life Cycle
1. "A systematic and orderly approach to solving business problems, and developing and supporting resulting information systems." Typical phases of the system development life cycle include: Planning, Analysis, Design, Implementation, and Support. (d)
1. Under the Minnesota Government Data Practices Act, "an individual asked to supply private or confidential data concerning the individual shall be informed of: (a) the purpose and intended use of the requested data within the collecting state agency, political subdivision, or statewide system; (b) whether the individual may refuse or is legally required to supply the requested data; (c) any known consequence arising from supplying or refusing to supply private or confidential data; and (d) the identity of other persons or entities authorized by state or federal law to receive the data. This requirement shall not apply when an individual is asked to supply investigative data, pursuant to section 13.82, subdivision 5, to a law enforcement officer." (j)
1. "An action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs." (f)
1. An information system that produces reliable and authentic records.
1. "Abbreviation of Uniform Resource Locator, the global address of documents and other resources on the World Wide Web." (b)
1. "Code embedded within a program that causes a copy of itself to be inserted in one or more other programs. In addition to propagation, the virus usually performs some unwanted function." (a)
World Wide Web (WWW)
1. "A system of Internet servers that support specially formatted documents. The documents are formatted in a language called HTML (HyperText Markup Language) that supports links to other documents, as well as graphics, audio, and video files." (b)
1. "Program that can replicate itself and send copies from computer to computer across network connections. Upon arrival, the worm may be activated to replicate and propagate again. In addition to propagation, the worm usually performs some unwanted function." (a)
a. William Stallings, Cryptography and Network Security: Principles and Practice. Upper Saddle River, NJ: Prentice Hall, 1999.
b. Webopedia. [http://webopedia.internet.com/]. November 1999.
c. Office of the Minnesota Secretary of State. November 1999.
d. Jeffrey L. Whitten, Lonnie D. Bentley, and Victor M. Barlow, System Analysis and Design Methods. Burr Ridge, IL: Irwin, 1994.
e. National Conference of Commissioners on State Laws, Draft: Uniform Electronic Transactions Act. [http://www.law.upenn.edu/library/ulc/ulc.htm]. March 1999.
f. State of California, Uniform Electronic Transactions Act. [http://www.leginfo.ca.gov/pub/99-00/bill/sen/sb_0801-0850/sb_820_bill_19990916_chaptered.html]. November 1999.
g. M.S. 138.17, Subdivisions 1 and 4
h. Fred B. Schneider, ed., Trust in Cyberspace. Committee on Information Systems Trustworthiness, National Research Council. Washington, D.C.: National Academy Press, 1999.
i. U.S. Environmental Protection Agency, "Glossary of Common Records Management Terms." [http://www.epa.gov/records/gloss/index.htm]. November 1999.
j. Minnesota Statutes, Chapter 13, Section 13.04, Subdivision 2.
k. Minnesota Statutes, Chapter 13, Section 13.02, Subdivision 7.
l. Judith Ellis, ed., Keeping Archives, Second Edition. Port Melbourne, Victoria, Australia: D. W. Thorpe, in association with The Australian Society of Archivists, Inc., 1997.
TIS Handbook last updated July 2002, Version 4.
Links verified March 3, 2010.