FFIEC Information Technology
Examination Handbook
Glossary

 

 

Start of D Words
 

DASD
Direct access storage device. A magnetic disk storage device historically used in mainframe environments. DASD may also include hard drives used in personal computers.

Data Mirroring
A back-up process that involves writing the same data to two physical disks or servers simultaneously.

Data Replication
The process of copying data, usually with the objective of maintaining identical sets of data in separate locations. Two common data replication processes used for information systems are synchronous and asynchronous mirroring.

Data Synchronization
The comparison and reconciliation of interdependent data files at the same time so that they contain the same information.

Database
(1) An organized collection of information stored on one or more electronic files. (2) A database represents the collection of data that is stored on any type of computer storage medium and may be used for more than one purpose.

Daylight Overdraft
A daylight overdraft occurs at any point in the business day when the balance in an institution’s account becomes negative. Daylight overdrafts can occur in accounts at Federal Reserve Banks as well as at private financial institutions. Daylight credit can also arise in the form of net debit positions of participants in private payment systems. A daylight overdraft occurs at a Federal Reserve Bank when there are insufficient funds in an institution’s Federal Reserve Bank account to cover outgoing funds transfers or incoming book-entry securities transfers. An overdraft can also be the result of other payment activity processed by the Federal Reserve Bank, such as check or automated clearinghouse transactions.

Debit Card
A payment card issued as either a PIN-based debit (ATM) card or as a signature-based debit card from one of the bankcard associations. A payment card issued to a person for purchasing goods and services through an electronic transfer of funds from a demand deposit account rather than using cash, checks, or drafts at the point-of-sale.

Debit Entry
An entry to the record of an account to represent the transfer or removal of funds from the account.

Dedicated Synchronous Optical NETwork (SONET)
SONET is a standard for telecommunications transmissions over fiber optic cables. SONET is self-healing so that if a break occurs in the lines, it can use a back-up redundant ring to ensure that the transmission continues. SONET networks can transmit voice and data over optical networks.

Deferred Net Settlement
See National Settlement Service.

Deliverable
A project goal or expectation. Deliverables include broadly-defined project or phase requirements, and specifically-defined tasks within project phases.

Depositary Bank
The institution at which a check is first deposited.

Depository
An institution that holds funds or marketable securities for safekeeping. Depositories may be privately or publicly operated, allow securities transfers through book-entry, and offer funds accounts permitting funds transfers as a means of payment.

Depository bank
An institution that accepts deposits.

Dictionary Attack
Discovery of authenticators by encrypting likely authenticators, and comparing the actual encrypted authenticator with the newly encrypted possible authenticators.

Digital Certificate
The electronic equivalent of an ID card that authenticates the originator of a digital signature.

Digital Subscriber Line (DSL)
DSL provides the ability to transmit high-speed digital signals over existing telephone lines.

Direct Data Feed
A process used by information aggregators to gather information directly from a website operator rather than copying it from a displayed webpage.

Direct Debit
Electronic transfer, usually through ACH, out of an individual's checking (or savings) account to pay bills, such as mortgage payments, insurance premiums, and utility payments. Also referred to as “direct payment.”

Direct Deposit
Electronic deposits or credit usually through ACH to an individual’s deposit account. Common uses of direct deposit include payroll payments, Social Security benefits, and income from investments such as CDs, annuities, and mutual funds.

Direct Presentment
Depositary banks can present checks directly to the paying institution. The paying institution may be the depositary bank (no settlement is needed), or, if not, may settle on the books of the Federal Reserve, using the Federal Reserve’s national settlement service.

Disaster Recovery Exercise
A test of an institution’s disaster recovery or BCP.

Disaster Recovery Plan
A plan that describes the process to recover from major processing interruptions.

Disk Shadowing
A back-up process that involves writing images to two physical disks or servers simultaneously.

Distributed Environment
A computer system with data and program components physically distributed across more than one computer.

Diversity
A description of financial services sectors in which primary and back-up telecommunications capabilities do not share a single point of failure.

DMZ
Abbreviation for “demilitarized zone.” A computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet.

DNS Server
Abbreviation for “Domain Name Service server.” A computer that determines Internet Protocol (IP) numeric addresses from domain names presented in a convenient, readable form.

DSL
Digital subscriber line. A technology that uses existing copper telephone lines and advanced modulation schemes to provide high-speed telecommunications to businesses and homes.

Dual Control
Dividing the responsibility of a task into separate, accountable actions to ensure the integrity of the process.

Start of E Words
 

E-banking
The remote delivery of new and traditional banking products and services through electronic delivery channels.

Electronic Benefits Transfer (EBT)
A type of EFT system involving the transfer of public entitlement payments, such as welfare or food stamps, through direct deposit or point-of-sale technology (see POS). The recipient can be given an identification card, similar to a benefit card, and a PIN allowing access to the benefits through an electronic network.

Electronic Bill Presentment and Payment (EBPP)
An electronic alternative to traditional bill payment, allowing a merchant or utility to present its customers with an electronic bill and the payer to pay the bill electronically. EBPP systems usually fall within two models: direct and consolidation-aggregation. In the direct model, the merchant or utility generates an electronic version of the consumer’s billing information, and notifies the consumer of a pending bill, generally via e-mail.

The consumer can initiate payment of the electronically presented bill using a variety of payment mechanisms, typically a credit card. In the consolidation-aggregation model, the consumer’s bills are consolidated by a consolidator acting on behalf of merchants and utilities (or aggregated on behalf of the consumer), combining data from multiple bills and presenting a single source for the consumer to initiate payment.

Some consolidators present bills at their own web sites, but most typically support the aggregation of bills by consumer service providers such as Internet portals, financial institutions, and brokerage web sites.

Electronic Check Presentment (ECP)
Check truncation methodology in which the paper check’s MICR line information is captured and stored electronically for presentment. The physical checks may or may not be presented after the electronic files are delivered, depending on the type of ECP service that is used.

Electronic Commerce (E-commerce)
A broad term encompassing the remote procurement and payment by businesses or consumers of goods and services through electronic systems such as the Internet.

Electronic Data Capture (EDC)
Process used for capturing and transferring the encoded information on the magnetic strip from a bankcard or debit card at the point-of-sale (POS) to the processor’s database.

Electronic Funds Transfer (EFT)
A generic term describing any transfer of funds between parties or depository institutions through electronic data systems.

Electronic Funds Transfer Act (EFTA)
The Electronic Funds Transfer Act and Regulation E are designed to ensure adequate disclosure of basic terms, costs, and rights relating to electronic fund transfer (EFT) services provided to consumers. Institutions offering EFT services must disclose to consumers certain information, including: initial and updated EFT terms, transaction information, periodic statements of activity, the consumer’s potential liability for unauthorized transfers, and error resolution rights and procedures. EFT services include automated teller machines, telephone bill payment, point-of-sale transfers in retail stores, fund transfers initiated through the Internet, and preauthorized transfers to or from a consumer’s account.

Electronic Vaulting
A back-up procedure that copies changed files and transmits them to an off-site location using a batch process.

E-mail Server
A computer that manages e-mail traffic.

Emergency Plan
The steps to be followed during and immediately after an emergency such as a fire, tornado, bomb threat, etc.

Encryption
1) A data security technique used to protect information from unauthorized inspection or alteration. Information is encoded so that it appears as a meaningless string of letters and symbols during delivery or transmission. Upon receipt, the information is decoded using an encryption key. 2) The conversion of information into a code or cipher.

End User
An individual who will utilize a product or program.

End-to-end Recoverability
The ability of an institution to recover a business process from initiation, such as customer contact, through process finalization, such as transaction closure.

Enterprise Architecture
1) An organization’s framework of technology hardware, software, and related policies. 2) The configuration of computer systems within an organization. Includes local area networks (LANs), wide area networks (WANs), bridges, applications, etc.

Enterprise-wide
Encompassing an entire organization, rather than a single business department or function.

Expedited Funds Availability Act (EFAA)
See Regulation CC.

Exploit
A technique or code that uses a vulnerability to provide system access to the attacker.

Exposure
The potential loss to an area due to the occurrence of an adverse event.

Exposure Limit
Referring to the settlement of operating services, the maximum amount an ACH originator is allowed to originate. This amount can be based on the originator’s credit rating, historical or predicted funding requirements, and the type of obligation.

Start of F Words
 

Federal Reserve Banks
The Federal Reserve Banks provide a variety of financial services including retail and wholesale payment services. The Federal Reserve Banks also operate a nationwide system for clearing and settling checks drawn on depository institutions located in all regions of the United States.

Fedwire®
The Federal Reserve System’s nationwide real-time gross settlement electronic funds and securities transfer network. Fedwire® is a credit transfer system, and each funds transfer is settled individually against an institution’s reserve or clearing account on the books of the Federal Reserve as it is processed and is considered a final and irrevocable payment.

Fedwire® Funds Service
The Federal Reserve Banks’ high-speed electronic funds transfer system. As a real-time gross settlement system, the Fedwire® Funds Service processes and settles individual payments between participants immediately in central bank money. Once processed, these payments are final.

Fedwire® Securities Service
The Federal Reserve Banks’ high-speed electronic payments system for maintaining securities accounts and for effecting securities transfers. The Fedwire® Securities Service provides a real-time, delivery-versus-payment (DVP), gross settlement system that allows for the immediate, simultaneous transfer of securities against payment. Once processed, securities transfers are final.

FEMA
FEMA is an acronym for Federal Emergency Management Agency.

Fibre Channel
A high-performance serial link supporting its own, as well as higher-level, protocols such as the small computer system interface, high performance parallel interface framing protocol, and intelligent peripheral interface. The Fibre Channel standard addresses the need for very fast transfers of large amounts of information. The fast (up to 1 gigabyte per second) technology can be converted for LAN technology by adding a switch specified in the Fibre Channel standard that handles multipoint addressing. Fibre Channel gives users one port that supports both channel and network interfaces, unburdening the computers from a large number of input and output (I/O) ports. Fibre Channel provides control and complete error checking over the link.

FIN (financial application)
The SWIFT application within which all SWIFT user-to-user messages are input and output.

Finality
Irrevocable and unconditional transfer of payment during settlement.

Financial Authority
A supervisory organization that is responsible for safeguarding and maintaining consumer confidence in the financial system.

Financial EDI (FEDI)
Financial electronic data interchange. An instrument for settling invoices by initiating payments, processing remittance data and automating reconciliation, through the exchange of electronic messages.

Financial Industry Participants
Financial institutions and other companies that are involved in the banking, securities, and/or insurance industry and are regulated by supervisory authorities.

Firewall
A hardware or software link in a network that relays only data packets clearly intended and authorized to reach the other side.

Float
Funds held by an institution during the check-clearing process before being made available to a depositor. Interest may be earned on these funds.

Flowcharts
Traditional flowcharts involve the use of geometric symbols, such as diamonds, ovals, and rectangles to represent the sequencing of program logic. Software packages are available that automatically chart programs or enable a programmer to chart a program without the need to draw it manually.

Frame Relay
(1) A high-performance WAN protocol that operates at the physical and data link layers of the Open Systems Interconnect (OSI) reference model. Frame Relay is an example of a packet-switched technology. Packet-switched networks enable end stations to dynamically share the network medium and the available bandwidth. Frame relay uses existing T-1 and T-3 lines and provides connection speeds from 56 Kbps to T-1. (2) A service provided by telecommunications companies that connects local area networks to regional or national backbone networks.

Framing
A frame is an area of a webpage that scrolls independently of the rest of the webpage. Framing generally refers to the use of a standard frame containing information (like company name and navigation bars) that remains on the screen while the user moves around the text in another frame.

FS/ISAC
Acronym for Financial Services Information Sharing and Analysis Center.

Full-duplex
A communications channel that carries data in both directions.

Full-Interruption/Full-Scale Test (IT and Staff)
A business continuity test that activates all the components of the disaster recovery plan at the same time. Hardware, software, staff, communications, utilities, and alternate site processing should be thoroughly tested in this type of testing activity. The exercise should include the business line end users and the IT group to ensure that each business line tests its key applications and is prepared to recover and resume its business operations in the event of an emergency. The full test verifies that systems and staff can recover and resume business within established recovery time objectives. End users should verify the integrity of the data at the alternate site after the IT group has restored systems and applications needed for the staff to perform production activities.

Functional Drill/Parallel Test
This test involves the actual mobilization of personnel at other sites in an attempt to establish communications and coordination as set forth in the BCP.

Functional Requirements
The business, operational, and security features an organization wants included in a program.

Functionality Testing
A test designed to validate that a business process or activity accomplishes expected results.

Start of G Words
 

Gap Analysis
A comparison that identifies the difference between actual and desired outcomes.

Gateway Server
A computer (server) that connects a private network to the private network of a servicer or other business.

General controls
Controls, other than application controls, that relate to the environment within which application systems are developed, maintained, and operated, and that are therefore applicable to all the applications at an institution. The objectives of general controls are to ensure the proper development and implementation of systems, and the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IT strategy and an IT security policy, the organization of IT staff to separate conflicting duties, and planning for disaster prevention and recovery.

GETS
Acronym for the Government Emergency Telecommunications Service card program. GETS cards provide emergency access and priority processing for voice communications services in emergency situations.

Grandfather-Father-Son
Retaining multiple versions of the back-up files off-site on a “grandfather-father-son” rotating basis is recommended. This tape methodology creates three sets of back-up tapes: daily incremental sets or “sons,” weekly full sets or “fathers,” and end-of-month tapes or “grandfathers.”

Start of H Words
 

Hacker
An individual who attempts to break into a computer without authorization.

Haircut
With respect to an eligible currency, the percentage increase of a negative currency balance or reduction of a positive currency balance, based on (a) the volatility of the historic foreign exchange movements in the applicable eligible currency determined by CLS Bank and (b) an add-on component.

Hardening
1) The process of securing a computer’s administrative functions or inactivating those features not needed for the computer’s intended business purpose. 2) Decreasing the capability of a device to the minimum required for its intended purpose.

Hash
A fixed length cryptographic output of variables, such as a message, being operated on by a formula, or cryptographic algorithm.

Hash Totals
A numerical summation of one or more corresponding fields of a file that would not ordinarily be summed. Typically used to detect when changes in electronic information have occurred.

HBA
Host bus adapter. A host bus adapter provides I/O processing and physical connectivity between a server and storage. As the only part of a storage area network that resides in a server, HBAs also provide a critical link between the storage area network and the operating system and application software.

Hierarchical Storage Management (HSM)
HSM is used to dynamically manage the back-up and retrieval of files based on how often they are accessed using storage media and devices that vary in speed and cost.

Hijacking
The use of an authenticated user’s communication session to communicate with system components.

Hop
Each step of a trip a data packet takes from its origination to its destination. For example, on the Internet a data packet may go through several routers before reaching its final destination.

Host
A computer that is accessed by a user from a remote location.

Hosting
See Website hosting.

HTML
Abbreviation for “Hypertext Markup Language.” A set of codes that can be inserted into text files to indicate special typefaces, inserted images, and links to other hypertext documents.

Hub
Simple devices that pass all data traffic in both directions between the LAN sections they link. Hubs forward every message they receive to the other sections of the LAN, even those that do not need to go there.

HVAC
Acronym for heating, ventilation, and air conditioning.

Hyperlink
An item on a webpage that, when selected, transfers the user directly to another location in a hypertext document or to another webpage, perhaps on a different machine. Also simply called a “link.”

