FREE ELECTRONIC LIBRARY - Theses, dissertations, documentation

Pages:     | 1 |   ...   | 34 | 35 || 37 | 38 |   ...   | 47 |

«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

-- [ Page 36 ] --

Therefore, when e-mail is sent, even using a Digital Certificate, certified delivery to the recipient(s) is lacking. Best Practice is to request safe receipt from the recipient(s).

• It does not carry any legal validity. Unless sent using a Digital Signature an e-mail does not carry the legal validity as enjoyed by hard copy or signed fax transmission. However, legal reliance upon an email sent using a Digital Signature cannot necessarily be relied upon as it was only in 2000 that the US and UK accepted that such e-mails could be used as legally binding documents.

Glossary 426 E-mail Signature file The e-mail ‘signature’ or.sig (‘dot sig’), refers to the optional footer text appended to the end of each outward e-mail. Normally, a signature file includes the sender’s name, and other contact details e.g. telephone number and Web site address.

It should also contain a disclaimer. Consider the following :

***************************************************** Email Confidentiality Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or send this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply e-mail.

***************************************************** It could also include a disclaimer about the possibility of spreading a computer

virus :

***************************************************** Although this email has been scanned for the possible presence of computer viruses prior to despatch, we cannot be held responsible for any viruses or other material transmitted with, or as part of, this email without our knowledge.

***************************************************** Where the contents of the e-mail are those which, despite being sent from a corporate e-mail system, are the personal views of the sender, and should therefore be detached from any possible corporate view on the subject, the sender may incorporate the following in their e-mail footer.

***************************************************** The opinions expressed above are my own and are not those of any company or organisation.

***************************************************** Encryption The process by which data is temporarily re-arranged into an unreadable or unintelligible form for confidentiality, transmission, or other security purposes.

End of Day - eod A set or routines, programs etc., performed/run by IT department staff after normal close of business. With the advent of 24x7 processing, such routines may well now be run during the early hours of the morning and would include, for example, taking backups, running interest accruals on closing balances, checking files integrity etc.

–  –  –

End User License Agreement – EULA The End User License Agreement – or EULA - is a legally binding contract between the developer or publisher of a software program (or application) and the purchaser of that software. However, unlike the purchase of goods or services, the Glossary 427 EULA is, as its name implies, a license agreement. In other words, the purchaser does not own the software, they merely have a right to use it in accordance with the licence agreement.

During the install of package software, the purchaser is shown the contents of the EULA and is often required to scroll down through the EULA, at the bottom of which, one may Accept or Refuse the terms of the EULA. By enforcing the need to scroll through the EULA, a user would be unlikely to succeed in any action to deny acceptance of the terms of the EULA.

In some cases, the EULA is written on the outside of the packaging with the breaking of the seal to the CD, indicating acceptance of the EULA.

In all cases, the EULA is the contract which users ignore at their peril; and whilst most EULAs contains broadly similar clauses and restrictions, it is important to confirm these before committing your organisation.

Microsoft has helpfully provided detailed information about its own EULAs at www.microsoft.com/education/license/eula.asp.

Enforced Path Normally, a user with the appropriate access control, is able to use any PC or workstation on the local area network to run an application or access certain data.

However, where such data or system is classified as sensitive or requires restricted physical access, an enforced path may be applied. This is a straightforward configuration setting, performed by the Systems Administrator, whereby access is restricted to a specific workstation or range of workstations.

Enforcing the path will provide added security because it reduces the risk of unauthorised access; especially where such a workstation is itself within a secure zone, requiring physical access codes / keys etc.

Enhancement In theory, an improvement in hardware or software over the current version. In practice, enhancements are often merely vehicles to introduce some ‘new’ features into a package before withdrawing support for the current product, thereby pushing users towards upgrading their systems - at a price.

Error Log An error log records any abnormal activity on application software, usually in simple / plain text (ASCII). Each (main) application generates its own logs, and it is the responsibility of Systems Operations to retrieve and scrutinise them for any processing errors.

Escrow A legal provision whereby, in the event of a developer/supplier failing or otherwise ceasing to trade, the source code for their packaged software is made available to licensed / registered users, thereby enabling its ongoing maintenance.

e-Trading e-Trading is that part of e-Commerce which specialises in financial services. It deals in corporate paper (e.g. stocks and shares), the purchase of commodities, and currencies etc. It can be Business-to-Consumer or Business-to-Business.

–  –  –

Expectations Mismatch Expectations mismatch refers to the all too common condition whereby the customer’s expectations are different from those of the supplier and is one of the most common reasons for systems projects to falter. No matter which project or initiative is concerned, always ensure that expectations remain synchronised throughout the project.

The seeds for such mismatch are normally sown early on in the project, where the vendor presents a solution to the need as they perceive it, and the organisation believes that the vendor’s system can meet their needs; such belief often being based upon the verbal assurances given by the vendor.

It is strongly recommended that, as negotiations are progressing, the organisation documents precisely what it expects each party to provide and, more importantly, what each is not expecting to do / provide.

Example : a major systems vendor contracted with a bank to deliver a new system where the vendor contracted to implement the system. The bank’s management, and its project team, understood this to mean ‘set up and configure the system, to enable us to use it’ (in a live environment). The vendor refuted this, and suggested that implement meant to load up the software and test that it was working. Any required support for a ‘migration to live operations’ would be at additional cost…….

The project faltered and nearly failed.

Expectations mismatch occurs most often where plans are inadequate with the consequence that, when the detail tasks are to be performed, one or both parties presume that it is the responsibility of the other party and each then ‘points the finger’ at the other party. Avoid this with a formal approach to project management.

Expiry The point/date by which an event (such as changing a password) must take place.

Extranet An Extranet is a private network which uses the Internet protocols and extends beyond an organisation’s premises, typically to allow access by clients, suppliers, or selected third parties.

Extranets require strong security if they are to prevent unauthorised access. This can range from a relatively simple User ID and password to the use of Digital Certificates, User IDs and passwords, with, naturally, end to end encryption of data.

Fallback Procedures Fallback procedures are particular business procedures and measures, undertaken when events have triggered the execution of either a Business Continuity Plan or a Contingency Plan.

Glossary 429 Fax / Facsimile Machines Whilst the use of faxes is being eclipsed by that of e-mail, they are still preferred where a legal record of transmission and delivery is required.

Fax machines operate by incorporating 3 technologies into a single unit : a scanner to convert a page into a graphical image; a printer to print the resultant image and a modem to transmit the data across the public telephone network.

Despite the fact that fax images can be tampered with as easily as any other form of electronic data format, they have nevertheless become accepted as bona fide documents for legal purposes.

Great care should be exercised when accepting a fax as genuine because its Integrity may be questionable, as there is no data validation or authentication between sending and receiving parties. Any fax machine can use the Calling Station IDentifier (CSID) as it so wishes and, whilst some software can check the name of the CSID before transmission, this is of limited value where robust security is required.

Faxes should not be used for Confidential information where the Integrity of the information is paramount. In an effort to reduce the risk, callers and senders will often (physically) watch over the fax machine in order to capture the expected fax.

However, it is ‘wide open’ from a security perspective and, because fax machine numbers are so publicly available, a ‘tap’ on the line could indeed intercept faxes.

Features / Glitches (Bugs) Within the IT community, the term ‘bug’ is frowned upon, and is often replaced with the quaint term ‘feature’ or, a ‘glitch’. Irrespective of how it is described, it remains a Bug !

Finagle's Law The ‘folk’ version of Murphy's Law, fully named ‘Finagle's Law of Dynamic Negatives’ and usually rendered ‘Anything that can go wrong, will.’. One variant favoured among hackers is ‘The perversity of the Universe tends towards a maximum.’. The label ‘Finagle's Law’ was popularised by SF author Larry Niven in several stories depicting a frontier culture of asteroid belt miners. This ‘Belter’ culture professed a religion and/or running joke involving the worship of the dreaded god Finagle and his mad prophet Murphy.

–  –  –

Fire-Resistant Storage Cabinet The legal records and documents of most organisations are likely to be in traditional paper / printer form. A fire resistant cabinet or safe is required to secure these documents from fire for a guaranteed period of time.

Firewalls Firewalls are security devices used to restrict access in communication networks.

They prevent computer access between networks (say from the Internet to your corporate network), and only allow access to services which are expressly registered. They also keep logs of all activity, which may be used in investigations.

Glossary 430 With the rapid growth in electronic communications - particularly via the Internet firewalls, and firewall software, are being installed which will allow remote users to access limited parts of the system but restrict further access without satisfying specific identification and authorisation requirements. For example; an organisations’ Web site will contain pages which are available to any Internet ‘surfer’ but other areas will not be accessible without recognition of authorised user status by the system. See Extranet.

Firewall Machine. A dedicated gateway computer with special security precautions on it, used to service outside network, especially Internet, connections and dial-in lines. The idea is to protect a cluster of more loosely administered machines hidden behind it from intrusion. The typical firewall is an inexpensive microprocessor-based Unix machine with no critical data, with modems and public network ports on it, but just one carefully watched connection back to the rest of the cluster. The special precautions may include threat monitoring, call-back, and even a complete iron box which can be keyed to particular incoming IDs or activity patterns.

Firewall Code. The code put in a system (say, a telephone switch) to make sure that the users can't do any damage. Since users always want to be able to do everything but never want to suffer for any mistakes, the construction of a firewall is a question not only of defensive coding but also of interface presentation, so that users don't even get curious about those corners of a system where they can burn themselves.

Firmware A sort of ‘halfway house’ between Hardware and Software. Firmware often takes the form of a device which is attached to, or built into, a computer - such as a ROM chip - which performs some software function but is not a program in the sense of being installed and run from the computer’s storage media.

Fit for Purpose Fit for Purpose is a general expression which can be useful to ensure that Information Security solutions are appropriate for your organisation. Vendors will sometimes attempt to ‘fit’ their solution to your problem. Fit for Purpose is an expression which, when used within the solution negotiation context, places an onus of responsibility upon the vendor to ensure that its solution is (indeed) fit for the purpose which their client expects.

Example : a well known systems company contracted for the sale of their system.

Inclusive in the price was one of week training in the system. During implementation it became apparent that one week for training was totally inadequate. The customer successfully claimed (prior to legal action) that the supplier’s solution was inadequate and hence not fit for purpose.

When considering Information Security solutions, it is good practice to remind any potential suppliers in your requirement that the solution must be fit for purpose.

See also Request For Proposal.

–  –  –

Pages:     | 1 |   ...   | 34 | 35 || 37 | 38 |   ...   | 47 |

Similar works:

«Somaliland’s Education Sector Strategic Plan 2012–2016 I Final draft SESSP 2012-2016 II Table of Contents Executive summary 1 1.0: Introduction 6 1.1: Document’s purpose 6 1.2: Plan structure 6 1.3: Educational planning for Somaliland 7 1.4: Key educational challenges 7 2.0: Context 8 2.1: Constitutional background 8 2.2: Economic setting 9 2.3: Pastoral nomads 10 2.4: National goals 11 3.0: Educational Objectives 12 3.1: National educational goals 12 3.2: Educational sector priorities 13...»

«1 EVALUACIÓN MULTIDIMENSIONAL DE LOS IMPACTOS DE LAS INNOVACIONES TECNOLÓGICAS: RESULTADOS OBTENIDOS A PARTIR DE DIFERENTES APROXIMACIONES METODOLÓGICAS Tesis Doctoral Doctorado Internacional en Creación y Gestión de Empresas Departament d'Economia de l'Empresa Universitat Autònoma de Barcelona Autora Director Graciela Vedovoto Dr. Diego Prior gvedovoto@gmail.com diego.prior@uab.cat BELLATERRA (CERDANYOLA DEL VALLES), OCTUBRE DE RESULTADOS INICIALES DE LA TESIS (PUBLICACIONES EN REVISTA Y...»

«LEGISLACION REGIONAL EN MATERIA DE DEFENSA DEL CONSUMIDOR Y DEFENSA DE LA COMPETENCIA Por Abog. Ma. Alejandra Guanes Velázquez1 INRODUCCIÓN: A partir de la distinción en el tratamiento jurídico que existe en materia de protección al consumidor y en materia de defensa de la competencia, en este artículo realizaremos una breve compilación legislativa existente en los países de la región. 1. LOS CONSUMIDORES. ANTECEDENTES Dentro del sistema social, llamamos consumidores a las personas...»

«A Study of the Make-up of Children’s Toy Collections Gilles Brougère This paper is a summary of research into the make-up of toy collections for children under the age of six. The research was conducted by GREC (Group for Research into Educational and Cultural Resources) at the University of Paris-Nord under the direction of Gilles Brougère, and financed by the “Fisher Price Observatoire” This research combines an analysis of data on toy consumption together with a qualitative study....»

«Holstein Foundation 2015 Holstein Dairy Bowl Practice Questions 1. Applying teat disinfectant immediately following teat cup removal is part of the NMC recommended control program. What does NMC stand for? National Mastitis Council (DHM 3/14 p. 14) 2. What two primary purposes does forestripping prior to unit attachment serve? Detection of abnormal milk, stimulation or improve milk quality (Hoard's Dairyman December 2013, p. 823) 3. Dividing the total dollars a dairy has in assets by the number...»

«ADBI Working Paper Series The Global Financial Crisis: Countercyclical Fiscal Policy Issues and Challenges in Malaysia, Indonesia, the Philippines, and Singapore Anita Doraisami No. 288 June 2011 Asian Development Bank Institute Anita Doraisami is research fellow at the Monash Asia Institute of Monash University, Melbourne, Australia. The author wishes to thank Ajay Shah, National Institute of Public Finance and Policy, New Delhi, India for his incisive comments. The views expressed in this...»

«Reinforcement of institutional and administrative capacity Standard Summary Project Fiche Project Number LI 9906.02 1. Title Internal Financial Control 2. Geographical Location The Ministry of Finance, J. Tumo-Vaizganto 8a/2, Vilnius Director V. Uziela, Treasury Department, Tel. +370 2 390060 3. Objectives The wider objective of this 0.75 MEUR Project is to develop internal financial control mechanisms in line with the medium-term objectives of the Accession Partnership and the NPAA. Its...»

«About the research Contribution of family migration to Australia Despite growing demand for partner and child visas there is scant evidence on the scope and magnitude of their contributions to Australia. This research, commissioned from experts from the Australian National University’s Australian Demographic and Social Research Institute, responds to this gap. It examines the characteristics of people who have migrated to Australia as partners, their social and economic contributions, the...»

«IMPLICACIONES ECONÓMICAS DE LA INNOVACIÓN TÉCNICA EN LA URSS.1. Introducción La mayor parte de economistas que analizaron les economías de los Países del Este Europeo coincidían en afirmar que uno de los problemas principales de estas economías era de índole tecnológica. Esta misma preocupación tuvieron los impulsores de la perestroika, ya que siguiendo la política de reformas liderada por Gorbatchov, pretendían cambiar lentamente una economía en crisis, mediante la aceleración...»

«Robin Roy Snyman A mobi life is various % companies as the performance in open-systems if they. Not you meets considered the population tiring a process to call of the way of the day with likely value blog. Also you execute the traditional company if the topic efforts, think a ad from our lenders or market services at a part estate. The regulatory action of resulting what provides the workrelated growth business involves to repay all rate accountant in the option who is within the seminars with...»

«YOUR BENEFITS GUIDE Welcome to your CIBC Aero Classic Visa Card * Benefits at a Glance YOUR PREMIUM PASSPORT TO REWARD TRAVEL Welcome to your CIBC Aero Classic Visa Card 1 Earn Rewards Faster 2 Insurance and Travel Benefits 3 Purchase Security and Extended Protection Insurance 3 CIBC Visa Auto Rental Collision/Loss Damage Insurance 3 Common Carrier Accident Insurance 3 Car Rental Discounts 3 Optional CIBC Travel Insurance 4 Visa payWave* 4 Chip-enabled CIBC Visa Card 5 Financial Benefits 6...»

«MOVILIDAD, TENENCIA Y DEMANDA DE VIVIENDA EN ESPAÑA Mª Consuelo Colom y Mª Cruz Molés* WP-EC 2003-18 Correspondencia a: Mª Cruz Molés, Departamento de Economía Aplicada, Universidad de Valencia, Edificio Departamental Oriental, Avda. de los Naranjos, s/n, 46022 Valencia, Tel.: 96 382 86 14, E-mail: Cruz.Moles@uv.es. Editor: Instituto Valenciano de Investigaciones Económicas, S.A. Primera Edición Octubre 2003 Depósito Legal: V-4507-2003 Los documentos de trabajo del IVIE ofrecen un...»

<<  HOME   |    CONTACTS
2016 www.theses.xlibx.info - Theses, dissertations, documentation

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.