«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»
Fixed Storage The internal media used by a computer to store files, data, programs etc, and usually referred to as the Fixed Disk(s) or Hard Drive(s). Fixed storage devices
Flag A message indication, sometimes, but not always, a warning to a user, which appears when a certain event takes place. For example, an inventory monitoring program may well ‘flag’ certain products when stocks fall below a predetermined level, to alert the user to re-order.
An alternative use is to warn of an event which will take place in the future, but has not yet occurred; for example, a financial institution aware of a large cheque-based transaction on a customer’s account may ‘flag’ the account to avoid an unauthorised overdraft.
Flags may be generated manually or automatically, depending on circumstances.
In the case of the stock monitoring this would be automatic, while the cheque transaction example would be processed manually.
Automatic flags serve a useful purpose in drawing users’ attention to situations which otherwise may be overlooked.
Flame ‘Flame’ is abusive communication by E-mail or posting to a newsgroup, which attacks an individual or organisation for some real or imagined grievance. The real problem is broader than that of a few rude e-mails: flame represents the anarchistic side of the Internet. The flame may start with only one abusive message, but it is broadcast so widely that large numbers of unconnected browsers join in - often on both sides of the argument. This can lead to ‘Flame Wars’, where the traffic load becomes so high that communications network performance degrades, and E-mail boxes become blocked - as is the case with bottlenecking and mail bombing.
Problems for companies may arise if a member of staff has used an organisation’s e-mail address to start the flame - another reason to monitor staff activities.
Flame has some redeeming features. Deeply unpleasant (or disturbed) individuals who posted lengthy racist (or sexist, or some other -ist) diatribes have found themselves flamed off the Net….
Flame Bait A Usenet posting or other message intended to trigger a flame war, or one that invites flames in reply. Acceptable for Usenet posters on a domestic machine, but not recommended in the office!
Flash Two meanings. Firstly, similar to a Flag but more obvious and usually more urgent, or more serious, a Flash is a visual warning to a user, often associated with security control procedures. For example, if a user who is already logged on at one computer attempts to also log on at a second terminal, the system will Flash the IT supervisor console to warn of a possible attempted breach of security.
Secondly, Flash is a technology being used to provide complex animation and sound on Web sites. It is extremely popular!
Floppy disks Floppy Disks are removable magnetic storage disks, used in personal computers and servers, to save data. Before 1987, floppy disks were 5.25 inches in diameter and flexible, hence the term ‘floppy’. Despite the introduction of the 3.5 inch diskette in a hard plastic outer casing, the term ‘floppy’ still persists. In much of the IT world, their use has been almost totally replaced by CDs and Zip Disks. As of 2001, the re-writable 17GB Digital Versatile Disk (DVD) is available, which in turn replaces the CD (CD-ROM) and its 670 MB capacity.
Freeware Literally, software provided for free - no charge. This is not as uncommon as might be expected. Major software developers often give away old versions of their products to allow users to try them at no charge and, hopefully, succeed in tempting them to purchase the current release.
Independent developers may give away small programs to establish a reputation for useful software, which then enables them to charge. Cover disks attached to a computer magazine often contain Freeware.
As with Shareware, Freeware should be approached with caution, and staff dissuaded from trying out their new Freeware on organisation equipment.
Freeze / Hang When an application ‘freezes’, or ‘hangs’, it no longer accepts any input, whether from the keyboard or the mouse. Occasionally, a frozen application will return to normal: the problem may have been related to (say) a disk write command that did not execute, resulting in a time out, but with control returned to the user.
Applications which freeze may also crash the operating system, especially of a PC. However, the latest release of Windows® (the Millennium Edition) resolves this problem. Freezes followed by the need to re-boot and the possible loss of all current data are becoming less common.
Friode A FRIed diode.
Full Monty / Monte Anorak’s PC fully loaded with every possible option and accessory, many of which will now be obsolete but ‘cannot be thrown away’. Typically such a machine will run dual processors, and, amongst other things, have: several hard disks, ZIP, JAZZ, DAT, CD, CDR, CDRW, DVD, LS120, and ‘Super-Floppy’ drives, bespoke Tower case, Touchscreen, 23’ Monitor, IR/Wireless keyboard and mouse, voice control, surround sound system with super bass woofer, 32Mb Video card with PAL output to Videowall projector, graphics editing suite, mixer desk and graphic equaliser, flight yoke and weapons system, steering wheel and pedals, flatbed and hand-held scanners, at least two printers, videoconferencing, digitising pad, light pen, headset, Wireless networking, Digicam, Webcam, UPS, Backup generator, and more ports and connector slots than you could shake a stick at.
Functional Requirements Specification A comprehensive document, detailing what is required of an installation to meet the business needs of users. Such a document can run to considerable length and would normally be prepared by Analysts, who can speak the language of both business and IT; effectively, they act as interpreters between technical and non-technical areas.
As a basic principle, developments within commercial enterprises should be user-driven. The first step is to devise a Functional Specification, also known as the Functional Requirements Specification (FRS). This leads naturally to the Technical Specification and then, if necessary, to a Request For Proposal (RFP).
Future Proof A term often used by system sales persons, who claim, almost incredibly, that their product will not become technologically outdated - at least not for the next few weeks!
Games A Game is an item of entertainment software that provides enjoyment for the user but does not benefit the Organisation. It can be ill-advised to allow games onto an organisation system, especially those which allow a number of players to take part simultaneously through network connections. Networks have been brought almost to a halt by the sheer volume of traffic generated by staff playing games such as MUD (the Multi-User Dungeon game) and DOOM.
There are exceptions. Some ‘games’ have a useful training element and can be used to simulate real situations, for example Air Traffic Control simulations have been used to gauge users’ ability to handle multiple variables and make decisions under pressure. Others have been designed specifically for training or assessment of abilities in business-specific situations, such as a Dealing Game for prospective Foreign Exchange traders.
Organisation policy should state the organisation’s position regarding game software. Policy-makers would be well advised to restrict the use of games software to specific machines, not connected to the main system, for example computers in the Training Centre or in a staff recreation area.
Geek Alternative term for an Anorak. Geeks are not normally malevolent, but their unquenchable desire to fiddle with pieces of equipment or software can lead to considerable trouble.
Ghost An identity that does not relate to a real person. It is not unknown for staff with the necessary IT skills to create a fictitious user with a password which allows that user to access the system with impunity, knowing that an audit trail will lead nowhere. Ghosts may also appear on the payroll, courtesy of a user who has the power to create new files in the personnel and payroll systems.
The creation of user profiles and the granting of logical access rights is a high security function and must be strictly monitored, preferably with dual controls for creation and authorisation.
Gopher A popular distributed document retrieval system which started at the University of Minnesota. Many hosts on the Internet now run Gopher servers which provide a menu of documents. A document may be a plain text file, sound, image, submenu,
Grass Line Slang term for the telephone hotline operated by FAST - the Federation Against Software Theft. FAST exists to try and eradicate the illegal/unlicensed use of proprietary software and operates an informer service which can be used to provide information about companies or individuals. Several companies have been surprised to find that they have been reported and subsequently. Depending upon the circumstances and severity of the case, informers can claim rewards amounting to several thousand pounds.
Companies must ensure that ALL software used on their systems is properly licensed.
Guest An occasional user of a system who does not have a personal/unique user ID and password but logs on infrequently as ‘Guest’. This practice is quite common in offices where staff usually work in other locations and only log on as guests to the main system when in the base office. Guest passwords may also be granted to persons temporarily associated with the organisation, such as short term temporary staff, students, trainees, etc.
Since they are often not specific to a named individual, Guest passwords should normally allow only minimal access rights. ‘Guests’ are also commonly known as ‘Visitors’.
Hacker An individual whose primary aim in life is to penetrate the security defences of large, sophisticated, computer systems. A truly skilled hacker can penetrate a system right to the core, and withdraw again, without leaving a trace of the activity.
Fortunately such individuals are relatively rare (although the numbers are growing), and the majority of those persons whom the media are prone to call Hackers are really only Anoraks, Geeks, etc., or possibly Proto-Hackers who can penetrate some systems and leave childish messages to prove how smart they are. Proto-Hackers are those who aspire to Hackerdom but have not yet acquired the necessary skills to get past serious security measures without setting off alarm systems.
Hackers, of whatever variety, are a threat to all computer systems which allow access from outside the organisation’s premises, and the fact that most ‘Hacking’ is just an intellectual challenge should not allow it to be dismissed as a prank.
Clumsy hacking can do extensive damage to systems even when such damage was not intentional.
Statistics suggest that the world’s primary Hacker target - the Pentagon - is attacked, on average, once every three minutes. How many of those attacks are from Hackers and how many from Government Agencies, criminals, and terrorists, around the world is another question entirely.....
The term is also applied (possibly unfairly) to those individuals who do not attack or attempt to penetrate computer systems, but use their skill to Hack commercially available packages, usually game software, to give themselves some advantage, make the game harder or different, etc. Such Hacks are often published in computer magazines as ‘Hints, Tips, and Cheats’ - much to the annoyance of the developers. This type of Hacker is not normally a threat to organisation computer systems except, possibly, those of game software development companies.
Handshake An electronic exchange of signals between pieces of equipment (fax machines, computers, computers and printers, etc.) to establish that each has the necessary protocols installed to allow communication between the units; sometimes, also to confirm identities so that transmissions are routed to the correct destination.
An extension of the normal confirmation routine is the Challenge Handshake, which is a demand for proof of identity and authorisation.
Harassment The UK Protection from Harassment Act 1997 makes provision for protecting people from harassment and ‘similar conduct’. It states that a person must not carry out actions which amount to harassment, or which they know may be regarded by the other person as harassment.
Claimants of harassment may be awarded damages for any anxiety caused by the harassment. An additional offence relates to putting the fear of violence on a person. In terms of Information Security, harassment by e-mail or via chat rooms may be punishable under this law.
Hardware Physical equipment:- processors, screens, keyboards, mice, printers, scanners, network routers, hubs, bridges, racking, disk drives, portable drives, etc.
If you can kick it, it’s hardware!
Hardware Inventory Master Hardware Inventory - A detailed list of all hardware owned by the organisation, showing, amongst other things:- type, make, model, specifications, cost, location, user(s), and asset reference number.
Unit Hardware Inventory - an equally detailed list of hardware in order of user (individual or department). This sheet may be used for Audit checks to confirm that any given user still has the equipment detailed and no unauthorised additions, removals, or modifications have been made.
Hardware Platform The term ‘platform’ refers to the hardware and operating system architecture in which an application runs.
Health and Safety Compliance with Health and Safety regulations is mandatory in most countries. In relation to Information Security, compliance is beneficial to security as the working environment and the precautions taken help reduce risks.