
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


BS 7799 The British Standard for Information Security, which was re-issued in 1999 in two parts. Part 1 is the Code of Practice for Information Security Management and Part 2 specifies the requirements for implementing Information Security in compliance with the Code of Practice.

In October 2000, BS 7799 was elevated to become an International Standards Organization (ISO) standard – ISO 17799.

Bug A fault in a computer system, usually associated with software. The term apparently stems from the early (pre-transistor) days of computing when machines used myriad valves and miles of wire. An apocryphal tale has it that one machine refused to work and, on examination of its innards, revealed a moth which had expired across some terminals thereby causing a short circuit. Once ‘debugged’ the machine worked perfectly - or so it is said.

These days the term is used indiscriminately to describe any situation in which a system behaves differently from expectations, and it is a generally accepted view that ALL commercially available software contains bugs - they just haven’t all been discovered yet.

Business Assets The term Business Assets, as it relates to Information Security, refers to any information upon which the organisation places a measurable value. By implication, the information is not in the public domain and would result in loss, damage or even business collapse, were the information to be lost, stolen, corrupted or in any way compromised.

By identifying and valuing the business assets in an organisation, and the systems which store and process them, an appropriate emphasis may be placed upon safeguarding those assets which are of higher value than those which are considered easily replaceable - such as information in the public domain.

Business Case The Business Case forms the foundation for any proposed venture or project. It establishes (in commercial / business terms) the need, justification and proposed alternatives to resolving a business issue or strategic objective. It is the Board of Directors, or most senior members of the organisation, who will demand, receive, review and (eventually) ‘sign off’ the Business Case.

The Business Case will discuss the alternative solutions explored and the conclusions reached. It will identify the risks of each alternative and establish the economic justification for the proposed course of action. In addition, it will project future returns to justify the cost of the project or venture.

The Business Case is a document which should be updated at key milestones during the project’s lifecycle. It should be used as a probe and test through which changing circumstances are ‘filtered’ to ensure that the fundamentals and key objectives of the project remain valid. Where discrepancy is found, the Business Case should be updated to reflect the current circumstances, and the direction of the project modified where so required.

The Business Case should not be a document which is written by the IT department in an effort to gain acceptance for the latest IT upgrade! A Business Case is written by ‘the business’ or commercial side of the organisation, but often with strong support and input from the IT section / department to aid with the (inevitable) technical aspects of the proposal.

Business Continuity Plan - BCP This is a plan to ensure that the essential business functions of the organisation are able to continue (or re-start) in the event of unforeseen circumstances, normally a disaster of some sort. However, the BCP is not to be confused with Disaster Recovery Planning, which is focussed upon crisis management.

Having dealt with the immediate crisis: securing the health and safety of people and preventing further spread or continuation of the crisis (e.g. a fire), the Disaster Recovery Plan will hand over to those responsible for executing the Business Continuity Plan.

The BCP will identify the critical people (roles / functions), information, systems and other infrastructure, e.g. telephones, which are required to enable the business to operate. The BCP will lay out a detailed plan which, if called upon, should be executed to assure minimum additional disruption.

Business Process Reengineering - BPR Business Process Reengineering (BPR) is the development (and / or redevelopment) of business procedures based upon the identification of the underlying business process. BPR should ignore ‘vertical’ departmental structures and identify the processes which generate value for the customer.

Unfortunately, “BPR” has acquired a rather negative meaning, primarily because the dream, or vision, was but rarely realised, and many projects failed to deliver anything other than a large cost!

BPR was brought into the commercial spotlight in 1990 by Michael Hammer in his thought-provoking article "Reengineering work: don't automate, obliterate" (Harvard Business Review 68 (4, July-August): 104-112). From this was generated a huge wave of enthusiasm based upon the achievements of some of the largest names in Corporate America.

More than a decade has now passed, and BPR has matured. It is now recognised that BPR is not simply about new processes and new technology, it is about the transformation of the organisation from the (traditional) vertical, ‘stove pipe’, departmental based organisation, to one that is based around core processes with process owners driving the business. This is not simply a matter of semantics – it is a fundamental change in approach, holding at its core, the creation of customer value as the primary objective for all and any business and organisation.

Business Requirements The needs of the business processes which must be addressed by either a manual or computerised system. It is critical that the business requirements be clearly defined and documented, otherwise other issues may take their place, such as the recommendations of the IT group or supplier, which has a valid, but separate, agenda. In many cases, business owners and managers find it seemingly complex to document their needs beyond high level requirements.

However, by recalling the tenets of Information Security, the high level requirements may be refined further by specifying the needs of the system with respect to: Confidentiality – who is able to see / amend what; Integrity – a system that is proven, tested and has security and fall back routines in case of need; and Availability – the system must be available (say) to users in multiple offices, both on workstations and on their laptops.

The Business Requirements are a statement about what matters and the priority of those issues. Time spent in agreeing them is never time wasted.

Capacity Planning Capacity Planning is the determination of the overall size, performance and resilience of a computer or system. The detailed components of a Capacity Planning initiative will vary, depending upon the proposed usage of the system, but the following should always be considered:

• the expected storage capacity of the system and the amount of data retrieved, created and stored within a given cycle.

• the number of online processes and the estimated likely contention.

• the required performance and response required from both the system and the network, i.e. the end to end performance.

• the level of resilience required and the planned cycle of usage – peaks, troughs and average.

• the impact of security measures, e.g. encryption and decryption of all data.

• the need for 24x7 operations and the acceptability of downing the system for maintenance and other remedial work.

When capacity planning, the more information available about usage patterns and overall systems’ loading, the better. Recently, with the exponential increase in Internet Web site usage, the results from any Capacity Planning have been, at best, of limited use and, at worst, useless. The reason is that it has been almost impossible to predict the possible volume of traffic (hence load), with the result that many sites have simply gone down under the excessive load conditions.

Therefore, Capacity Planning needs to consider the real possibility of excess load scenarios and plan accordingly (but there are no easy answers).

CCTV Closed Circuit Television, used as a security device and also a deterrent around office buildings, stores, campus sites, etc. CCTV cameras will usually have their output recorded onto video tape to enable any suspicious activity to be subsequently reviewed.

CD / CDROM Since their introduction in the early 1980s, CDs – Compact Disks – have gradually replaced the older vinyl disks as a means of music storage. However, whilst the term ‘CD’ was adopted for CDs which store music, the term CD-ROM (CD Read Only Memory) was adopted by the computer world, despite using the same optical disks. Ironically, the term CDROM still persists despite the fact that CD read / writers have been available for years.

CERT CERT – the Computer Emergency Response Team – is recognised as the Internet's official emergency team. It was established in the USA by the Defense Advanced Research Projects Agency (DARPA) in 1988, after the Morris worm incident crippled approximately 10% of all computers connected to the Internet.

CERT is located at the Software Engineering Institute - a US government funded research and development centre operated by Carnegie Mellon University - and focuses on security breaches and denial-of-service incidents, providing alerts and incident-handling and avoidance guidelines.

CERT is also the publisher of Information Security alerts, training and awareness campaigns. CERT may be found on the World Wide Web at www.cert.org.

Certification Authority A trusted third party clearing house that issues Digital Certificates and Digital Signatures. Such certificates include your organisation’s name, a serial number and an expiry date. In addition, to allow for the encryption and decryption of data, they include the public key of your organisation. Finally, they carry the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is valid.

The following companies provide various levels of certification services for organisations and individuals alike: VeriSign, Entrust, Baltimore Technologies, and Thawte.

Challenge Sometimes referred to as a ‘Challenge Handshake’ or ‘Challenge Protocol’, this is an enquiry signal/message transmitted by a computer, being contacted by another machine, for that machine to identify itself and/or its user. The computer equivalent of ‘Halt, who goes there?’ An acceptable response from the calling machine will allow contact to proceed, whilst failure to satisfy should result in termination of the communication connection.
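The exchange described in this entry, as an added example that is not part of the glossary: the contacted machine sends a fresh challenge, the calling machine answers, and the contacted machine either lets contact proceed or terminates it. The use of an HMAC over a random nonce with a pre-shared secret is an assumption of this example (one common way to build such a handshake); the secret value is constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the example; real deployments provision one per machine.
SHARED_SECRET = b"example-shared-secret-not-for-production"


def make_challenge() -> bytes:
    """Contacted machine: 'Halt, who goes there?' - a fresh, unpredictable nonce."""
    return secrets.token_bytes(16)


def answer_challenge(secret: bytes, challenge: bytes) -> bytes:
    """Calling machine: prove knowledge of the secret without ever sending it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def verify_response(secret: bytes, challenge: bytes, response: bytes) -> str:
    """Contacted machine: constant-time comparison, then proceed or terminate."""
    expected = answer_challenge(secret, challenge)
    return "proceed" if hmac.compare_digest(expected, response) else "terminate"


def run_exchange(caller_secret: bytes) -> str:
    """Full handshake: challenge -> response -> decision."""
    challenge = make_challenge()          # sent to the caller
    response = answer_challenge(caller_secret, challenge)  # returned by the caller
    return verify_response(SHARED_SECRET, challenge, response)


def replay_attempt() -> str:
    """A response captured from an earlier handshake is useless against a new
    challenge, which is why the challenge must be fresh every time."""
    old_challenge = make_challenge()
    captured = answer_challenge(SHARED_SECRET, old_challenge)
    new_challenge = make_challenge()
    return verify_response(SHARED_SECRET, new_challenge, captured)


if __name__ == "__main__":
    print("genuine caller:", run_exchange(SHARED_SECRET))
    print("wrong secret:  ", run_exchange(b"guess"))
    print("replayed reply:", replay_attempt())
```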

Change Control An internal control procedure by which only authorised amendments are made to the organisation's software, hardware, network access privileges, or business process etc. This method usually involves the need to perform an analysis of the problem and for the results to be appended to a formal request prepared and signed by the senior representative of the area concerned. This proposal should be reviewed by management (or committee) prior to being authorised.

Implementation should be monitored to ensure security requirements are not breached or diluted.

Chat Room A feature of the Internet allowing users to ‘talk’, in real time, through a keyboard to one or more persons in a ‘virtual environment’. Recent reports of viruses being transmitted through messages in Chat Rooms have raised the security profile of such activities, and organisations are advised to review the ability of staff to access such facilities.

Checksum Checksum is a technique whereby the individual binary values of a string of storage locations on your computer are totalled, and the total retained for future reference. On subsequent accesses, the summing procedure is repeated, and the total compared to that derived previously. A difference indicates that an element of the data has changed during the intervening period. Agreement provides a high degree of assurance (but not total assurance) that the data has not changed during the intervening period.

A checksum is also used to verify that a network transmission has been successful. If the counts agree, it is safe to assume that the transmission was completed correctly.
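An added example, not from the glossary, of the summing technique described above and of why it gives "a high degree of assurance (but not total assurance)": a single changed byte is caught, but a compensating change or a reordering leaves the total unchanged, whereas a cryptographic hash (SHA-256, used here as a comparison the glossary does not mention) catches all three. The sample bytes are constructed for the example.

```python
import hashlib

# Constructed sample of "storage locations" (byte values) for the example.
ORIGINAL = bytes([0x10, 0x20, 0x30, 0x40, 0x50])


def additive_checksum(data: bytes, width_bits: int = 16) -> int:
    """Total the individual byte values, keeping the total within a fixed
    width; this is the value retained for later comparison."""
    return sum(data) % (1 << width_bits)


def verify_checksum(data: bytes, expected: int) -> bool:
    """Repeat the summing procedure and compare with the retained total."""
    return additive_checksum(data) == expected


def sha256_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def demo() -> dict:
    """Return which tampering cases each method detects."""
    baseline_sum = additive_checksum(ORIGINAL)
    baseline_hash = sha256_digest(ORIGINAL)

    # Case 1: one byte altered.
    changed = bytearray(ORIGINAL)
    changed[2] = 0x31
    # Case 2: compensating change (+1 in one place, -1 in another): same total.
    compensated = bytearray(ORIGINAL)
    compensated[1] += 1
    compensated[3] -= 1
    # Case 3: same bytes in a different order: same total.
    reordered = bytes(reversed(ORIGINAL))

    return {
        "sum_detects_single_change": not verify_checksum(bytes(changed), baseline_sum),
        "sum_detects_compensating": not verify_checksum(bytes(compensated), baseline_sum),
        "sum_detects_reorder": not verify_checksum(reordered, baseline_sum),
        "hash_detects_compensating": sha256_digest(bytes(compensated)) != baseline_hash,
        "hash_detects_reorder": sha256_digest(reordered) != baseline_hash,
    }


if __name__ == "__main__":
    for case, detected in demo().items():
        print(f"{case}: {detected}")
```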

Cipher A cipher is the generic term used to describe a means of encrypting data. In addition, the term cipher can refer to the encrypted text itself. Encryption ciphers will use an algorithm, which is the complex mathematical calculation required to ‘scramble’ the text, and a ‘key’. Knowledge of the key will allow the encrypted message to be decrypted.

CISC / RISC Complex Instruction Set Computer refers to the instruction set (or preprogrammed commands) within microprocessors. Those from Intel’s Pentium processors are referred to as CISC because they have a full and comprehensive instruction set, whereas those from IBM, powering their RS6000 mini-computers, are RISC – Reduced Instruction Set.

Clear Desk Policy A Policy of the organisation which directs all personnel to clear their desks at the end of each working day, and file everything appropriately. Desks should be cleared of all documents and papers, including the contents of the ‘in’ and ‘out’ trays! The purpose of the Clear Desk Policy is not simply to give the cleaners a chance to do their job, but to ensure that sensitive papers and documents are not exposed to unauthorised persons out of working hours.


Clerical Systems Also known as Manual Systems, or Manual Processing, these are business processes that do not rely on computers for their successful completion.
