AI-assisted content — see full disclaimer

Glossary

A comprehensive glossary of IT terms, abbreviations, and concepts used throughout this primer. Terms are organized alphabetically.


A

Agile
An iterative approach to project management and software development that emphasizes flexibility, collaboration, and delivering working software in short cycles called sprints. See Project Management.
A/B Testing
A controlled experiment where two variants (A and B) of a webpage, feature, or process are shown to different user groups simultaneously to determine which performs better on a defined metric. Widely used in product development, marketing, and UX optimization. See Analytics Fundamentals.
API (Application Programming Interface)
A set of rules and protocols that allows different software applications to communicate with each other. APIs enable integration between systems and are fundamental to modern enterprise architecture.
API Economy
A business model where organizations expose their data and services through APIs, enabling partners and developers to build new applications and revenue streams on top of existing platforms.

B

Backlog
In Agile project management, the prioritized list of work items (user stories, features, bugs) that a team plans to deliver. The product owner maintains and prioritizes the backlog.
Best-of-Breed
A strategy of selecting the best individual software product in each functional category (e.g., best CRM, best HR system) rather than buying an integrated suite from a single vendor. Contrast with Suite Approach.
BI (Business Intelligence)
Technologies, practices, and strategies for collecting, integrating, analyzing, and presenting business data to support better decision-making. Includes dashboards, reporting, and data visualization tools.
Blockchain
A distributed, immutable digital ledger that records transactions across a network of computers. Used in supply chain traceability, cryptocurrency, smart contracts, and other applications requiring trust without a central authority.
BPM (Business Process Management)
The discipline of analyzing, modeling, optimizing, and automating business workflows to improve efficiency and effectiveness. See Business Process Management.
Business Case
A formal document that justifies a proposed technology investment by analyzing costs, benefits, risks, and alternatives. Typically includes NPV, ROI, and payback period calculations.
BYOD (Bring Your Own Device)
A policy that allows employees to use their personal devices (laptops, phones, tablets) for work purposes. Creates both productivity benefits and security challenges.

C

CapEx (Capital Expenditure)
Money spent to acquire or upgrade long-term physical or technology assets. In IT, this traditionally meant buying servers, software licenses, and hardware. Contrast with OpEx.
CASB (Cloud Access Security Broker)
A security tool that sits between cloud service users and cloud applications, providing visibility, compliance, data security, and threat protection. Important for managing Shadow IT.
CCPA (California Consumer Privacy Act)
California's comprehensive data privacy law that gives consumers rights over their personal data, including the right to know what data is collected, to delete it, and to opt out of its sale.
CDO (Chief Data Officer)
The senior executive responsible for enterprise-wide data governance, data quality, data strategy, and leveraging data as a strategic asset. See C-Suite Roles.
CDP (Customer Data Platform)
A packaged software system that creates a persistent, unified customer database by combining data from multiple sources (CRM, website, mobile app, email, point of sale). Unlike a CRM, a CDP ingests all customer touchpoint data automatically and makes it available to other systems for activation. See Enterprise Applications.
Change Management
The structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state. Critical for technology adoption and digital transformation success.
Chargeback
An IT financial management practice where the IT department charges business units for the IT services they consume, making costs visible and encouraging efficient resource use.
CIO (Chief Information Officer)
The senior executive responsible for an organization's overall IT strategy, technology investments, and alignment of IT with business objectives. See C-Suite Roles.
CISO (Chief Information Security Officer)
The senior executive responsible for an organization's information security program, including cybersecurity strategy, risk management, and incident response. See C-Suite Roles.
Cloud Computing
The delivery of computing services — servers, storage, databases, networking, software — over the internet ("the cloud") on a pay-as-you-go basis. See Cloud Computing.
COBIT (Control Objectives for Information and Related Technologies)
An IT governance framework developed by ISACA that provides a comprehensive set of controls and best practices for managing enterprise IT. See Governance Frameworks.
Composable Enterprise
An organizational design philosophy where business capabilities are built from modular, interchangeable components (packaged business capabilities or PBCs) connected through APIs, rather than monolithic applications. Enables organizations to rapidly reconfigure technology to respond to market changes. See Enterprise Applications.
Containerization
A lightweight virtualization approach that packages an application and its dependencies into a self-contained unit (container) that runs consistently across different computing environments. Docker is the most common container platform.
CRM (Customer Relationship Management)
Software systems that manage an organization's interactions with current and potential customers, including sales, marketing, and customer service. Major vendors include Salesforce, Microsoft Dynamics, and HubSpot.
CTO (Chief Technology Officer)
The senior executive responsible for technology innovation, engineering, and the technical direction of an organization's products and services. See C-Suite Roles.
Cybersecurity
The practice of protecting systems, networks, and data from digital attacks, unauthorized access, and damage. See Cybersecurity.

D

Data Governance
The framework of policies, processes, and standards that ensures data across an organization is accurate, consistent, secure, and properly managed. See Data Governance.
Data Lake
A centralized repository that stores large volumes of raw data in its native format until it is needed for analysis. Unlike data warehouses, data lakes accept structured, semi-structured, and unstructured data.
Data Lakehouse
An architecture that combines the flexibility and cost-efficiency of data lakes with the data management and query performance of data warehouses. Platforms like Databricks Delta Lake and Apache Iceberg enable ACID transactions and schema enforcement on top of low-cost cloud storage. See Data Governance.
Data Lineage
The ability to track data from its origin through all transformations and movements to its final destination. Essential for regulatory compliance, debugging, and trust in data quality.
Data Steward
A person responsible for ensuring data quality, consistency, and proper governance within a specific business domain. Data stewards bridge business knowledge and technical data management.
Data Warehouse
A centralized repository of structured, cleaned, and integrated data from multiple sources, optimized for analytical queries and reporting. Contrast with Data Lake.
Data Modeling
The process of creating a visual representation of a data system's structure, including entities (things), attributes (properties), and relationships between entities. Entity-Relationship Diagrams (ERDs) are the most common data modeling notation. Data models serve as blueprints for database design and help business and technical stakeholders agree on data definitions.
Deep Learning
A subset of machine learning that uses neural networks with many layers to learn complex patterns from large datasets. Powers applications like image recognition, natural language processing, and autonomous vehicles.
Defense in Depth
A cybersecurity strategy that layers multiple security controls so that if one fails, others continue to protect the organization. Layers typically include perimeter security, network security, endpoint protection, application security, data encryption, identity management, and physical security. See Cybersecurity.
Descriptive Analytics
The most foundational level of analytics that answers the question "What happened?" by summarizing historical data through reports, dashboards, and KPIs. Examples include monthly revenue reports, website traffic summaries, and inventory counts. See Analytics Fundamentals.
Design Thinking
A human-centered approach to innovation that follows five stages: Empathize, Define, Ideate, Prototype, and Test. Originally developed at Stanford's d.school, design thinking starts with understanding user needs rather than starting with technology capabilities. See Innovation Management.
DPO (Data Protection Officer)
A role required by GDPR for organizations that process personal data at scale. The DPO advises on data protection obligations, monitors compliance, and serves as the point of contact with data protection authorities. Distinct from the CISO (who focuses on security) and the CPO (who focuses on privacy strategy). See Cybersecurity.
DevOps
A set of practices that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle and deliver software more reliably through automation, collaboration, and continuous feedback.
Digital Maturity
The extent to which an organization has integrated digital technologies into its operations, culture, and business model. Maturity models assess progress from initial/ad-hoc to optimized/transformative stages.
Digital Transformation
The process of using digital technologies to fundamentally change how an organization operates, delivers value, and competes in the market. See Digital Transformation.

E

Edge Computing
Processing data near the source where it is generated (at the "edge" of the network) rather than sending it to a centralized data center or cloud. Reduces latency and bandwidth usage for IoT and real-time applications.
Encryption
The process of converting data into a coded format that can only be read by someone with the correct decryption key. Protects data confidentiality both at rest (stored) and in transit (transmitted).
Enterprise Architecture
The discipline of designing and managing an organization's overall technology landscape, ensuring systems and infrastructure align with business strategy. See Enterprise Architecture.
ERP (Enterprise Resource Planning)
Integrated software systems that manage core business processes including finance, HR, manufacturing, supply chain, and procurement. Major vendors include SAP, Oracle, and Microsoft. See Enterprise Applications.
ESB (Enterprise Service Bus)
Middleware technology that enables communication between different applications in a service-oriented architecture. Acts as a central hub for routing messages between systems.
ETL (Extract, Transform, Load)
The process of extracting data from source systems, transforming it into a consistent format, and loading it into a target system (typically a data warehouse) for analysis.

F

FHIR (Fast Healthcare Interoperability Resources)
A standard for exchanging healthcare information electronically. Developed by HL7 International, FHIR uses modern web technologies (REST APIs, JSON) to enable interoperability between healthcare IT systems, making patient data accessible across providers and applications.
FinOps (Cloud Financial Operations)
A practice that brings financial accountability to cloud computing's variable spending model. FinOps teams combine engineering, finance, and business functions to establish real-time cloud cost visibility, optimization, and governance. Key activities include right-sizing resources, managing reserved instances, and creating showback/chargeback reports. See Cloud Computing.
Firewall
A network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Acts as a barrier between trusted and untrusted networks.

G

GPL (GNU General Public License)
The most widely used open source software license, created by Richard Stallman. GPL is a copyleft license — any software that incorporates GPL-licensed code must also be released under the GPL, ensuring that derivative works remain open source. This "viral" characteristic makes GPL strategically important for enterprise software decisions. See Open Source Software.
GDPR (General Data Protection Regulation)
The European Union's comprehensive data privacy regulation that governs how organizations collect, store, and process personal data of EU residents. Imposes significant fines for non-compliance.

H

HCM (Human Capital Management)
Software systems that manage the full employee lifecycle including recruitment, onboarding, payroll, performance management, learning, and workforce planning. Major vendors include Workday, SAP SuccessFactors, and Oracle HCM Cloud.
HIPAA (Health Insurance Portability and Accountability Act)
U.S. legislation that sets standards for protecting sensitive patient health information from being disclosed without consent.
Hybrid Cloud
A computing environment that combines on-premises infrastructure with public and/or private cloud services, allowing data and applications to move between them.

I

IaaS (Infrastructure as a Service)
A cloud computing model where the provider offers virtualized computing resources (servers, storage, networking) over the internet. Examples: AWS EC2, Microsoft Azure VMs. See Cloud Computing.
IoT (Internet of Things)
A network of physical devices, sensors, and objects embedded with connectivity and software that collect and exchange data. Applications include smart manufacturing, fleet management, and building automation.
iPaaS (Integration Platform as a Service)
A cloud-based platform that provides tools for connecting applications, data, and processes across cloud and on-premises environments. iPaaS solutions (e.g., MuleSoft, Dell Boomi, Workato) simplify the integration challenge of multi-cloud and hybrid IT architectures by providing pre-built connectors, data transformation, and API management. See Enterprise Applications.
IRR (Internal Rate of Return)
A financial metric used in capital budgeting that represents the discount rate at which the net present value of an investment equals zero. Used to compare and prioritize technology investments.
ISACA
An international professional association focused on IT governance, risk management, and cybersecurity. Publishes the COBIT framework and offers certifications including CISA, CISM, and CRISC.
IT Governance
The framework of policies, processes, and organizational structures that ensure IT investments support business objectives, manage risk, and deliver value. See Governance Frameworks.
IT Steering Committee
A cross-functional governance body of senior business and IT leaders that provides strategic direction for IT investments, prioritizes projects, and resolves resource conflicts.
ITIL (Information Technology Infrastructure Library)
A widely adopted framework of best practices for IT service management (ITSM), covering the design, delivery, and support of IT services. See Governance Frameworks.
ITSM (IT Service Management)
The implementation and management of quality IT services that meet the needs of the business. ITIL is the most widely used ITSM framework.

K

Kanban
An Agile project management method that visualizes work on a board, limits work in progress, and emphasizes continuous flow rather than fixed-length sprints. See Project Management.
KPI (Key Performance Indicator)
A measurable value that demonstrates how effectively an organization is achieving key business objectives.
Kubernetes
An open-source platform for automating the deployment, scaling, and management of containerized applications across clusters of servers. Originally developed by Google.

L

Legacy System
An older technology system that remains in use despite being outdated, because it still performs critical business functions. Legacy systems often present integration, maintenance, and security challenges.
Low-Code / No-Code
Development platforms that enable users to create applications through graphical interfaces and configuration rather than traditional hand-coded programming. Low-code platforms (e.g., Microsoft Power Platform, Mendix, OutSystems) accelerate development for professional developers; no-code platforms enable non-technical "citizen developers" to build simple applications. See Enterprise Applications.
LOB (Line of Business)
A specific business function or department within an organization (e.g., marketing, finance, operations) that has its own objectives and technology needs.

M

Machine Learning (ML)
A subset of artificial intelligence where systems learn patterns from data and improve their performance without being explicitly programmed. Applications include prediction, classification, and recommendation.
MDM (Master Data Management)
The processes, governance, policies, and tools that ensure an organization's critical shared data (customers, products, employees) is consistent, accurate, and controlled across the enterprise.
MFA (Multi-Factor Authentication)
A security method that requires users to provide two or more verification factors to gain access to a system. Factors include something you know (password), something you have (phone), and something you are (biometric).
Microservices
An architectural approach where an application is built as a collection of small, independent services that communicate via APIs. Contrasts with monolithic architecture where all functionality is in a single application.
Middleware
Software that acts as a bridge between different applications, databases, or systems, enabling them to communicate and share data.
MLOps
A set of practices for deploying, monitoring, and managing machine learning models in production. Combines ML engineering, DevOps, and data engineering principles.
MVP (Minimum Viable Product)
The simplest version of a product that can be released to test key assumptions and gather customer feedback before investing in full development.

N

NLP (Natural Language Processing)
A branch of AI that enables computers to understand, interpret, and generate human language. Powers applications like chatbots, sentiment analysis, and document summarization.
NPV (Net Present Value)
A financial metric that calculates the present value of all future cash flows (positive and negative) from an investment, discounted at a required rate of return. Used to evaluate technology investments.
Network Effects
The phenomenon where a product or service becomes more valuable as more people use it. Direct network effects occur when users benefit from other users on the same side (e.g., telephones, social networks). Indirect (cross-side) network effects occur in platforms when one user group benefits from growth in another (e.g., more app developers attract more iPhone buyers, and vice versa). See Platform Economics.
NIST CSF (NIST Cybersecurity Framework)
A voluntary cybersecurity framework developed by the U.S. National Institute of Standards and Technology that provides standards, guidelines, and best practices for managing cybersecurity risk. See Cybersecurity.
NoSQL
A category of database systems that do not use the traditional relational (table-based) model. NoSQL databases include document stores (MongoDB), key-value stores (Redis), column-family stores (Cassandra), and graph databases (Neo4j). They excel at handling large volumes of unstructured or semi-structured data and scaling horizontally across many servers.

O

OLAP (Online Analytical Processing)
A category of technology optimized for complex, multidimensional queries and analysis. OLAP enables users to slice, dice, drill down, and pivot data across dimensions like time, geography, and product. Contrast with OLTP (Online Transaction Processing), which is optimized for fast recording of individual transactions. See Data Governance.
Open Source
Software whose source code is publicly available for anyone to inspect, modify, and distribute, subject to the terms of its license. Open source powers critical enterprise infrastructure including Linux, Kubernetes, PostgreSQL, and Apache. See Open Source Software.
Open Weights
A term used in AI to describe models where the trained model parameters (weights) are publicly released, but the training data, training code, or both may remain proprietary. Examples include Meta's Llama and Mistral AI models. Open weights models can be fine-tuned and deployed locally, offering more control than proprietary API-only models. See AI & Emerging Tech.
OpEx (Operating Expenditure)
Ongoing day-to-day costs of running a business. In IT, cloud subscriptions and SaaS fees are typically classified as OpEx. Contrast with CapEx.

P

PaaS (Platform as a Service)
A cloud computing model that provides a platform for developing, running, and managing applications without managing the underlying infrastructure. Examples: Heroku, Google App Engine. See Cloud Computing.
Penetration Testing
An authorized simulated cyberattack on a computer system, performed to evaluate the security of the system and identify vulnerabilities before malicious actors can exploit them.
Platform Economy
A business model where value is created by facilitating exchanges between two or more interdependent groups (e.g., Uber connecting riders and drivers, Apple's App Store connecting developers and users).
PMBOK (Project Management Body of Knowledge)
A set of standard terminology and guidelines for project management published by the Project Management Institute (PMI). See Project Management.
PMO (Project Management Office)
An organizational unit that standardizes project management practices, provides governance over the project portfolio, and supports project managers.
Predictive Analytics
Analytics that answers the question "What is likely to happen?" by using statistical models, machine learning, and historical patterns to forecast future outcomes. Applications include demand forecasting, customer churn prediction, predictive maintenance, and credit risk scoring. See Analytics Fundamentals.
Prescriptive Analytics
The most advanced level of analytics that answers "What should we do?" by recommending specific actions based on predictive models and optimization algorithms. Examples include dynamic pricing engines, supply chain optimization, and treatment recommendation systems. See Analytics Fundamentals.
Privacy by Design
A framework developed by Ann Cavoukian that embeds privacy protections into the design and architecture of IT systems and business practices from the outset, rather than adding privacy as an afterthought. The seven foundational principles include proactive (not reactive) measures, privacy as the default, and full functionality without privacy trade-offs. See Cybersecurity.
Prompt Engineering
The practice of designing and refining input prompts to get desired outputs from generative AI models. Techniques include few-shot learning (providing examples), chain-of-thought prompting (requesting step-by-step reasoning), and system prompts (setting behavioral context). A critical skill for organizations deploying large language models. See AI & Emerging Tech.
PUE (Power Usage Effectiveness)
A metric for data center energy efficiency, calculated as total facility energy divided by IT equipment energy. A PUE of 1.0 would mean all energy goes to computing; typical data centers have a PUE of 1.5-2.0.

R

RAG (Retrieval-Augmented Generation)
An AI architecture pattern that enhances LLM outputs by first retrieving relevant information from an external knowledge base and including it in the model's context. RAG enables organizations to ground AI responses in their proprietary data without fine-tuning the model, reducing hallucinations and keeping responses current. See AI & Emerging Tech.
Ransomware
Malicious software that encrypts a victim's data and demands payment (ransom) for the decryption key. One of the most significant cybersecurity threats to organizations.
Responsible AI
The practice of developing and deploying AI systems in ways that are ethical, transparent, fair, and accountable. Includes addressing bias, ensuring explainability, and maintaining human oversight.
RFP (Request for Proposal)
A formal document that organizations issue to solicit bids from potential vendors for products or services, outlining requirements and evaluation criteria. See Vendor Management.
ROI (Return on Investment)
A financial metric that calculates the percentage return relative to the cost of an investment. Used to evaluate and compare technology investments.
RPA (Robotic Process Automation)
Technology that uses software "bots" to automate repetitive, rule-based tasks that humans typically perform, such as data entry, form processing, and report generation.

S

SaaS (Software as a Service)
A cloud computing model where software is delivered over the internet on a subscription basis. Users access the software via a web browser. Examples: Salesforce, Microsoft 365, Google Workspace.
SCM (Supply Chain Management)
The management of the flow of goods, data, and finances related to a product — from procurement of raw materials through delivery to the end customer.
Scrum
An Agile framework that organizes work into fixed-length iterations called sprints (typically 2-4 weeks), with defined roles (Product Owner, Scrum Master, Development Team) and ceremonies (sprint planning, daily standup, retrospective).
Serverless Computing
A cloud computing model where the cloud provider automatically manages the infrastructure, scaling, and capacity. Developers write code (functions) without worrying about the underlying servers. Examples: AWS Lambda, Azure Functions.
Shadow IT
Technology systems, software, and services adopted and used by employees without the knowledge or approval of the IT department. See Shadow IT.
Showback
Similar to chargeback but informational only — IT reports the costs of services consumed by each business unit without actually billing them. Used to raise cost awareness.
SIEM (Security Information and Event Management)
Technology that aggregates and analyzes security log data from across an organization's IT infrastructure to detect threats, investigate incidents, and support compliance.
SLA (Service Level Agreement)
A formal contract between a service provider and customer that defines the expected level of service, performance metrics, and remedies for non-compliance.
SOA (Service-Oriented Architecture)
An architectural style where applications are built from loosely coupled, reusable services that communicate through standardized interfaces. A predecessor to microservices architecture.
SOC (Security Operations Center)
A centralized facility where a team of security professionals monitors, detects, analyzes, and responds to cybersecurity incidents around the clock.
SOX (Sarbanes-Oxley Act)
U.S. legislation that sets requirements for financial reporting and internal controls, with significant implications for IT systems that process financial data.
Sprint
In Scrum, a fixed-length time period (typically 2-4 weeks) during which a team works to complete a set of prioritized items from the product backlog.
Suite Approach
A strategy of purchasing an integrated set of applications from a single vendor (e.g., full SAP or Oracle suite) rather than selecting best-of-breed products. Offers tighter integration but less flexibility.

T

TCO (Total Cost of Ownership)
A financial estimate that includes all direct and indirect costs associated with acquiring, deploying, operating, and eventually retiring a technology asset or system. See IT Budgeting.
Two-Sided Market
A platform that serves two distinct user groups who provide each other with network benefits. The platform acts as an intermediary that creates value by reducing search and transaction costs. Examples: credit cards (merchants and cardholders), ride-sharing (drivers and riders), app stores (developers and consumers). See Platform Economics.
Technical Debt
The accumulated cost of shortcuts, workarounds, and deferred maintenance in software systems. Like financial debt, technical debt incurs "interest" in the form of increased maintenance costs and reduced agility.
TOGAF (The Open Group Architecture Framework)
A widely used enterprise architecture framework that provides a structured approach to designing, planning, implementing, and governing IT architecture. See Enterprise Architecture.

V

Vector Database
A specialized database designed to store and efficiently query high-dimensional vector embeddings — numerical representations of text, images, or other data created by AI models. Vector databases (e.g., Pinecone, Weaviate, Milvus, pgvector) power similarity search and are essential infrastructure for RAG systems and AI-powered search. See AI & Emerging Tech.
Vendor Lock-In
A situation where an organization becomes dependent on a specific vendor's products or services, making it difficult or costly to switch to an alternative. A key risk in cloud computing and enterprise software decisions.
Virtualization
Technology that creates virtual versions of physical computing resources (servers, storage, networks), allowing multiple virtual systems to run on a single physical machine.
VPN (Virtual Private Network)
A technology that creates an encrypted connection over the internet between a user's device and a private network, enabling secure remote access to organizational resources.

W

Waterfall
A sequential software development methodology where each phase (requirements, design, implementation, testing, deployment) must be completed before the next begins. See Project Management.

Z

Zachman Framework
An enterprise architecture framework organized as a 6x6 matrix that categorizes architectural artifacts by stakeholder perspective (rows) and interrogative (columns: What, How, Where, Who, When, Why). See Enterprise Architecture.
Zero Trust
A cybersecurity model that assumes no user, device, or network should be trusted by default, even if inside the corporate perimeter. Every access request must be verified, validated, and authorized. See Cybersecurity.