
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


1 Physical Access. The process of obtaining use of a computer system, for example by sitting down at a keyboard, or of being able to enter specific area(s) of the organisation where the main computer systems are located.

2 Logical Access. The process of being able to enter, modify, delete, or inspect records and data held on a computer system by means of providing an ID and password (if required). The view that restricting physical access relieves the need for logical access restrictions is misleading. Any organisation with communications links to the outside world has a security risk of logical access. Hackers do not, generally, visit the sites they are hacking in person; they do it from a distance!


Access Control List The Access Control List - ACL - is a file which a computer’s operating system uses to determine the users’ individual access rights and privileges to folders / directories and files on a given system. Common privileges allow a user to read a file (or all the files in a folder / directory), to write / update the file or files, and to run (execute) the file (if it is an executable file, or program).

Access Rights The powers granted to users to create, change, delete, or simply view data and files within a system, according to a set of rules defined by IT and business management. It is not necessarily true that the more senior a person, the more power is granted. For example, most data capture, essentially creating new files or transactions, is performed at a relatively junior level, and it is not uncommon for senior management to have access rights only to view data with no power to change it. There are very good Internal Control and Audit reasons for adopting this approach.

Accidental Damage In relation to Information Security, accidental damage refers to damage or loss that is caused as a result of a genuine error or misfortune. However, despite the genuine nature of the accident, such incidents can, and should, be prevented by awareness, alertness and action.

For example, whilst we can all sympathise with the person who has lost their 50 page document through a system crash, there is little excuse for not having made a suitable backup copy from which to recover the situation.

Account An ‘account’ is the term used most commonly to describe a user’s profile which permits access to computer systems. Sometimes the account refers simply to the means of gaining network access to printers and the filing system; in other instances ‘accounts’ can be specific to application systems and incorporate a range of optional privileges controlling a user’s level of access. (See Access Control).

Achilles Heel The term Achilles Heel refers to an area of weakness which, when applied to Information Security, means the weak link in the security safeguards. An example of an Achilles Heel would be where substantial effort has been made to secure data on the server, and yet virtually anyone is able to walk into the systems room and remove the disk sub-systems.

The appropriate action for the Security Officer in your organisation is to identify the Achilles Heel, and to take action against it.

Admissible Evidence Admissible Evidence is ‘evidence’ that is accepted as legitimate in a court of law.

From an Information Security perspective, the types of ‘evidence’ will often involve the production of a system’s log files. The log file will usually identify the fact that a


ADSL ADSL (Asymmetric Digital Subscriber Line) is a relatively new technology for transmitting digital information at high speeds, using existing phone lines (POTS) to homes and business users alike. Unlike the standard dialup phone service, ADSL provides a permanent connection, at no additional cost.

ADSL was specifically designed to exploit the one-way nature of most multimedia communication in which large amounts of information flow toward the user and only a small amount of interactive control information is returned. Several experiments with ADSL to real users began in 1996. In 1998, wide-scale installations began in several parts of the U.S. In 2000 and beyond, ADSL and other forms of DSL are expected to become generally available in urban areas.

With ADSL (and other forms of DSL), telephone companies are competing with cable companies and their cable modem services.

N.B. The Information Security implications of connecting full time to the Internet should not be underestimated. Anyone connecting their system full time to the Internet needs a firewall, which does not have to cost hundreds of dollars.


Alpha Geek The most knowledgeable, technically proficient person in an office, work group, or other, usually non-IT, environment. Born ‘fiddlers’ and ‘tinkerers’, they tend to ignore the basic rule of ‘If it ain’t broke don’t fix it’, preferring to operate on the basis of ‘Fix it, until it is broke’. Such people can be a considerable security risk, like ordinary Geeks, Anoraks, and Tech-heads, only more so.

Alpha Software Software described as an ‘alpha version’ has received basic testing by the developer(s) but is not yet ready for full testing. Alpha versions may have modules or components missing or with only partial functionality. Alpha software should never be used for other than demonstrations and (elementary) testing.

Analog, Analogue A description of a continuously variable signal or a circuit or device designed to handle such signals. The opposite is ‘discrete’ or ‘digital’. Typical examples are the joysticks or steering wheels associated with flight and driving simulations or air/space combat games.

Analogue Computer A machine or electronic circuit designed to work on numerical data represented by some physical quantity (e.g. rotation or displacement) or electrical quantity (e.g. voltage or charge) which varies continuously, in contrast to digital signals which are either 0 or 1 (Off or On).

For example, the turning of a wheel or the movement of a mouse or joystick can be used as input. Analogue computers are said to operate in real time and are used for research in design where many different shapes and speeds can be tried out quickly. A computer model of a car suspension allows the designer to see the effects of changing size, stiffness and damping.

Analyst In two basic IT variants - Business Analysts, and Systems Analysts - these individuals are involved in the front end design stages of systems from the viewpoints of users and IT respectively. The analysts will determine the business requirements to be addressed, the processes which are involved in meeting those needs, and the systems designs which will deliver those requirements to the users.

Anoraks Whimsical term for computer enthusiasts - usually, but not exclusively, young and lacking in social skills. The term derives from the preferred item of apparel for attending computer exhibitions, it being equipped with numerous sizeable pockets ready to be stuffed with all manner of obscure electronic gizmos.

Some anoraks tend more to the software side of IT and may graduate to being Hackers. Anoraks certainly have their uses but, in many ways, are a security risk.

Such persons are inclined to do things with, and to, organisation IT systems simply for the technical and intellectual challenge, rather than for any business benefit to the organisation. Also known as Nerds, Geeks, and Tech-heads, the term is acquiring wider usage to describe any enthusiastic follower of obscure sports, hobbies, pastimes, etc.

ANSI American National Standards Institute which is the main organisation responsible for furthering technology standards within the USA. ANSI is also a key player with the International Standards Organisation – ISO.

Anti-Virus Program Software designed to detect, and potentially eliminate, viruses before they have had a chance to wreak havoc within the system, as well as repairing or quarantining files which have already been infected by virus activity.


Application software Computer programs that are used by the Organisation to meet its business needs (as opposed to system software). Typically such software includes programs for accounting, transaction processing, word processing, spreadsheets, databases, graphics, and presentations, and any special software developed specifically for that particular business.


Architecture - Technical and Applications The term ‘technical architecture’, refers to the core technologies deployed across a computing resource / network. For example an organisation’s technical architecture may comprise UNIX servers running on RISC hardware, Windows® NT servers running on Intel CISC processors; over a 100BASE-T network using CAT 5 cabling.

The application’s architecture can refer to a range of components but, in the corporate environment, identifies the foundational database upon which the majority of business applications are built. For example an organisation’s applications architecture could be Oracle relational database (running on the UNIX servers identified above in the technical architecture) for business applications, and Microsoft Office® for all office and inter-organisation communications.

Archive An area of data storage set aside for non-current (old, or historical) records in which the information can be retained under a restricted access regime until no longer required by law or organisation record retention policies. This is a field in which computers have a distinct advantage over older paper files, in that computer files can be ‘compressed’ when archived to take up far less space on the storage media. Paper records can only be compressed by using microfilm, microfiche, or, more recently, by scanning into a computer system. Whichever system is chosen, care must be exercised to ensure that the records retained meet legal requirements should it ever be necessary to produce these records in a court of law.

Archiving The process of moving non-current records to the Archives. Once records are no longer required for day-to-day operations they should be passed to the control of an independent Archivist.

Archivist Individual (or possibly, department) responsible for the retention, care and control, and subsequent destruction, of non-current records. The Archivist should be independent, not involved in processing, and have no power to create or amend records other than registers/indices of stored material.

ARP – Address Resolution Protocol When data arrives at a local gateway, bound for a specific local computer, ARP will map the inbound IP Address to the local machine’s physical address, known as its MAC address.


Audit Log Computer files containing details of amendments to records, which may be used in the event of system recovery being required. The majority of commercial systems feature the creation of an audit log. Enabling this feature incurs some system overhead, but it does permit subsequent review of all system activity, and provides details of which User ID performed which action, to which files, when, etc.

Failing to produce an audit log means that the activities on the system are ‘lost’.

Audit Trail A record, or series of records, which allows the processing carried out by a computer or clerical system to be accurately identified, as well as verifying the authenticity of such amendments, including details of the users who created and authorised the amendment(s).

Auditor Person employed to verify, independently, the quality and integrity of the work that has been undertaken within a particular area, with reference to accepted procedures.

Authentication Authentication refers to the verification of the authenticity of either a person or of data, e.g. a message may be authenticated to have been originated by its claimed source. Authentication techniques usually form the basis for all forms of access control to systems and / or data.

Authorisation The process whereby a person approves a specific event or action. In companies with access rights hierarchies it is important that audit trails identify both the creator and the authoriser of new or amended data. It is an unacceptably high risk situation for an individual to have the power to create new entries and then to authorise those same entries themselves.

Auto Dial-back A security facility designed to ensure that ‘dial up’ links to the organisation’s communications network may only be accessed from approved/registered external phone numbers. The computer holds a list/register of user IDs and passwords together with telephone numbers. When a remote call is received from one of these users the computer checks that ID and password match and then cuts off the connection and dials back to the ‘registered’ telephone number held in the computer files. This system works well with fixed locations such as remote branches but may be inconvenient for staff who move around a lot. The drawbacks may be overcome by using a mobile telephone (connected to a laptop computer) as the registered dial-back - subject to the security requirements of protecting such items against theft or eavesdropping.

Availability Ensuring that information systems and the necessary data are available for use when they are needed. Traditionally, computer systems were made available for staff use by the IT department in the early morning, and then closed down again by the IT staff before running their ‘End of Day’ routines. Availability was thus the poor relation of Confidentiality and Integrity in security terms. However the extension of the working day (for example because of trading with different time zones) and the growth of 24x7 systems, associated with e.g. web sites, Internet (on-line) trading, cash point machines, coupled with the threats of viruses and intrusions means that availability has become a much more important element of Information Security work.

Back Door
