
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


Glossary

Help Desk Staff, either within the organisation’s IT Department or based at a hardware/software supplier, who are responsible for assisting non-technical staff in the use of computer systems, and resolving problems which may arise. Staffing a Help Desk is an ulcerous job and many Help Desks perform superbly, but... The telephone lines of external Help Desks are frequently engaged and if/when contact is finally made, users will discover that many Help Desk staff are undoubted experts in negotiating the very small print contained in contracts and warranty agreements. (See also Hose and Close).

HEX / Hexadecimal Hexadecimal, or ‘Hex’ for short, is a numbering system using base 16 (as opposed to the usual base 10). Hex is a useful way to express binary computer numbers: a byte is normally made up of 8 bits, and 2 hex characters represent eight binary digits, i.e. one byte.

‘Hex’ is a word sometimes used by ‘techies’ to throw ordinary users off the scent; invariably it only clouds the issue!

Hex Editor Hex editors are commonly available ‘tools’ (or utilities) which allow the user to scrutinise and update the precise contents of the hard disk. Not only do they reveal the hexadecimal equivalent of the binary code in which the data is stored, but they also helpfully provide an ASCII converter which allows you to make sense of the contents. All fine so far. However, because they permit searches and updates, it is possible, indeed easy, to search for an expected string / word, and then update that string with a new value (e.g. by substituting the value ‘5644’ for ‘9480’). Because the number of bytes has remained the same, the data file in which this string is found may not have been corrupted; however, the integrity of the data has been destroyed, and the subsequent user of the file may have little evidence of such tampering.

In addition, a hex editor is able to reveal data believed to be safe within password protected files, or even data in files which have been deleted but have yet to be overwritten.

The use of checksums can confirm that a file has not been tampered with, even slightly. However, more fundamentally, Security Officers should endeavour to prevent hex editors from being loaded onto any of the organisation’s PCs / workstations in the first place.
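The checksum check described in the Hex Editor entry, as an added example that is not part of the original glossary: it records a SHA-256 baseline for files and then reports a same-length substitution (the entry's ‘9480’ to ‘5644’) that leaves the file size unchanged. It goes slightly beyond the entry by also computing a simple additive checksum, which misses a reordering of the same digits; the file names, record contents and function names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def sum16_file(path):
    """Weak 16-bit additive checksum, kept only to compare against SHA-256."""
    with open(path, "rb") as fh:
        return sum(fh.read()) & 0xFFFF

def build_baseline(paths):
    """Record size, weak sum and SHA-256 of each file while it is still trusted."""
    return {p: {"size": os.path.getsize(p), "sum16": sum16_file(p),
                "sha256": sha256_file(p)} for p in paths}

def verify(baseline):
    """Classify every baselined file as ok, missing or modified."""
    report = {}
    for path, ref in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif sha256_file(path) == ref["sha256"]:
            report[path] = "ok"
        elif os.path.getsize(path) != ref["size"]:
            report[path] = "modified, size changed"
        else:
            # Same length, different bytes: the in-place edit the entry describes.
            weak = "unchanged" if sum16_file(path) == ref["sum16"] else "changed"
            report[path] = "modified, same size (weak sum %s)" % weak
    return report

def same_length_edit(path, old, new):
    """Demo helper: overwrite a value in place with one of equal length."""
    with open(path, "rb") as fh:
        data = fh.read()
    with open(path, "wb") as fh:
        fh.write(data.replace(old, new))

def demo():
    """Run the check on three constructed record files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, n) for n in ("a.dat", "b.dat", "c.dat")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"ACCOUNT 1001 BALANCE 9480\n")  # constructed sample
        baseline = build_baseline(paths)
        same_length_edit(paths[0], b"9480", b"5644")  # the glossary's example
        same_length_edit(paths[1], b"9480", b"4980")  # same digits, reordered
        report = verify(baseline)
        return [report[p] for p in paths]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The baseline itself has to be stored where the files' editor cannot reach it, otherwise it can be rewritten along with the data.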

Hose and Close An off-putting practice of some Technical Support / Help Desk staff. In response to a question from a distressed user, Support responds with a deluge of technobabble which the user doesn’t understand, issues a series of abstruse command instructions, which the user cannot follow, and then hangs up before the user can come back with a request for a simple explanation.

The tech support staff can mark another tick on the ‘support provided’ sheet, but the user is not only no further forward, but may also have been charged a premium rate per minute – just to be made to feel foolish.

Happily, there are a growing number of Tech Support hotlines which do communicate in plain language.


Hot Desking A relatively new approach to working whereby staff do not have their own, dedicated facilities, but share them with other workers – i.e. there are fewer desks and computers than there are staff.

Two kinds of situation are common:

1. Call centres and similar functions which run 24x7 on shifts. As one staff member logs off and leaves, another takes over, logging on with a new ID and password.

2. ‘Field’ staff such as sales representatives check in to base to complete paperwork, upload/download files, etc. Such staff will use any desk/computer that happens to be free.

In either case, password control systems and audit trails are essential to monitor which user is doing what, with which machine.

Hot Standby A contingency/fallback approach to maintaining system availability whereby a second system, with the same configuration as the main system, is kept running, often ‘mirroring’ the processing of the main system, ready to take over the processing load instantaneously should there be any failure in the main system.

Housekeeping Routine care of a computer system to ensure that it is kept running in the most efficient manner. Housekeeping will normally include: routines to delete items such as temporary files (which are no longer required), identify and remove duplicates of files, check the integrity of the disk records and the magnetic coatings on the disk surfaces, and generally tidy up the filing system.

Housekeeping should not be restricted to the main system. It is just as useful for desktop machines and laptops - considering the circumstances under which they are used!

HTTP This protocol, the Hyper Text Transfer Protocol, is used for the transmission of information, graphics, sounds and animation between a client Web browser and the Web server.

HTTPS and SSL The Secure Hyper Text Transfer Protocol uses HTTP but additionally activates Web server security, in the form of Secure Sockets Layer (SSL). This means that the communications between the client and the (host) Web server are encrypted and, additionally, that the host Web server may be validated by the client using a Digital Certificate on the server.


Identity Hacking Posting on the Internet or Bulletin Board(s) anonymously, pseudonymously, or giving a completely false name/address/telephone with intent to deceive. This is a controversial activity, generating much discussion amongst those who maintain the net sites. There are two cases in which problems can be caused for organisations:

1. a member of staff engages in such practices and is ‘found out’ by net users, thereby associating the organisation name with the activity.

2. a posting by an unrelated third party, pretending to be the organisation, or a representative.

In either case, if such posts are abusive, or otherwise intended to stir up an argument, the likely result is a Flame Attack, or Mail Bombing.

Impact Analysis As part of an Information Security Risk Assessment, you should identify the threats to your Business Assets and the impact such threats could have, if the threat resulted in a genuine incident.

Such analysis should quantify the value of the Business Assets being protected to decide on the appropriate level of safeguards.

Incursion A penetration of the system by an unauthorised source. Similar to an Intrusion, the primary difference is that Incursions are classed as ‘Hostile’.

Information Asset An Information Asset is a definable piece of information, stored in any manner which is recognised as ‘valuable’ to the organisation. The information which comprises an Information Asset, may be little more than a prospect name and address file; or it may be the plans for the release of the latest in a range of products to compete with competitors.

Irrespective of the nature of the information assets themselves, they all have one or more of the following characteristics:

• They are recognised to be of value to the organisation.

• They are not easily replaceable without cost, skill, time, resources or a combination.

• They form a part of the organisation’s corporate identity, without which, the organisation may be threatened.

• Their Data Classification would normally be Proprietary, Highly Confidential or even Top Secret.

It is the purpose of Information Security to identify the threats against, the risks and the associated potential damage to, and the safeguarding of Information Assets.


Information Owner The person who creates, or initiates the creation or storage of the information, is the initial owner. In an organisation, possibly with divisions, departments and sections, the owner becomes the unit itself with the person responsible, being the designated ‘head’ of that unit.

The Information Owner is responsible for ensuring that:

• A classification hierarchy is agreed and that this is appropriate for the types of information processed for that business / unit.

• Classify all information stored into the agreed types and create an inventory (listing) of each type.

• For each document or file within each of the classification categories, append its agreed (confidentiality) classification. Its availability should be determined by the respective classification.

• Ensure that, for each classification type, the appropriate level of information security safeguards are available e.g. the logon controls and access permissions applied by the Information Custodian provide the required levels of confidentiality.

• Periodically, check to ensure that information continues to be classified appropriately and that the safeguards remain valid and operative.

Information Security Guidelines An Information Security Guideline is a suggested action or recommendation to address an area of the Information Security Policy. A security guideline is not a mandatory action, and no disciplinary action should result from non-adoption.

However, Information Security Guidelines are considered Best Practice and should be implemented whenever possible.

A guideline typically uses words like "should" or "may" in the definition. Guidelines are usually written for a particular environment and are used to help guide users’ actions. For example, "all successful logins should be logged and monitored." A guideline may apply to management, administrators, end users, or a specific group within the organisation.

Information Security Guidelines will usually supplement the Procedures Manuals with their adoption encouraged and promoted rather than enforced.

Information Security Incident An Information Security incident is an event which appears to be a breach of the organisation’s Information Security safeguards. It is important to respond calmly and to follow a logical procedure, first to prevent the breach from continuing, if possible, and second, to inform the appropriate person(s) within the organisation; this usually includes the appointed Security Officer.


Information Security Plan The Information Security Plan complements the IT Plan in so far as it documents, budgets and resources the upgrades to hardware, software, training and procedures, in relation to Information Security.

The driving force behind the Information Security Plan will be the Security Officer with the executive sponsor likely to be the Chief Information Officer, or the Chief Executive Officer / Managing Director.

Information Security Policy Information Security Policy is an organisational document usually ratified by senior management and distributed throughout an organisation to anyone with access rights to the organisation’s IT systems and / or information resources.

The Information Security Policy aims to reduce the risk of, and minimise the effect (or cost) of, security incidents. It establishes the ground rules under which the organisation should operate its information systems. The formation of the Information Security Policy will be driven by many factors, a key one of which is risk. How much risk is the organisation willing and able to take?

The individual Information Security Policies should each be observed by personnel and contractors alike. Some policies will be observed only by persons with a specific job function, e.g. the System Administrator; other Policies will be complied with by all members of staff.

Compliance with the organisation’s Information Security Policy should be incorporated into both the Terms and Conditions of Employment and also the Job Description.

Information Security Risk Assessment An Information Security Risk Assessment is an initiative which identifies:

1. the nature and value of the Information Assets or Business Assets

2. the threats against those assets, both internal and external

3. the likelihood of those threats occurring

4. the impact upon the organisation.

Risk is defined as a danger, possibility of loss or injury; and the degree of probability of such loss. Before introducing Information Security safeguards, you must be aware of the dangers to which you are exposed, the risks and likelihood of such events taking place, and the estimated impact upon your organisation were each to actually occur.

In order to determine the overall level of Information Security safeguards required, you should consider performing a comprehensive Information Security Risk Assessment.

Information Systems The computer systems and information sources used by an organisation to support its day to day operations.


Information Warfare / Infowar Also Cyberwar and Netwar. Infowar is the use of information and information systems as weapons in a conflict in which the information and information systems themselves are the targets.

Infowar has been divided into three classes:

1. Individual Privacy

2. Industrial and Economic Espionage

3. Global information warfare, i.e. Nation State versus Nation State.

Most organisations will not need to be concerned over classes I and III, but clearly Class II is relevant to any organisation wishing to protect its confidential information.

Input Describes, literally, (as a verb) the activity of ‘putting in’, or (as a noun) the material which has been put in, but, of course, being an IT expression, it has to be shortened and reversed.

Input may be manual or automatic, but in both cases the organisation system should have a means of checking the integrity of the material being entered and the authority of the originator to perform this function.

Interface Interfaces facilitate communication between different computer systems or allow people to communicate with machines (and vice versa). Interfaces can be software, such as the Graphical User Interface (GUI) of Microsoft Windows®, or hardware, e.g. the physical connections between, say, a simple terminal and a host computer. Interfaces use an agreed protocol (‘language’) to send and receive information from one machine to another.

International Organization for Standardization – ISO The International Organization for Standardization is a group of standards bodies from approximately 130 countries whose aim is to establish, promote and manage standards to facilitate the international exchange of goods and services.


