FREE ELECTRONIC LIBRARY - Theses, dissertations, documentation

Pages:     | 1 |   ...   | 39 | 40 || 42 | 43 |   ...   | 47 |

«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

-- [ Page 41 ] --

Parallel Processing A computer which uses more than one processor, either to be able to perform more than one task at the same time or to improve processing speed by breaking down one larger task between different processors. Parallel processing is not quite the same as ‘Multi-tasking’ since, by definition, a single processor cannot do two things at once. It just seems that way to the user because the two things are handled one after the other so very quickly.

A typical organisation/business server will employ at least two and often four processors within the same machine. Although they may appear identical from the outside, dual processor (and better) systems are not aimed at the domestic, home user, market. Generally they demand specifically written application software and are not suitable for games/entertainment use. This feature alone makes them more attractive to companies.

Some very large systems can employ huge numbers of processors - hundreds or more - and, naturally are extremely powerful (approaching the SuperComputer class). Such systems are generally described as being ‘Massively Parallel’.

Parallel processing has considerable advantages fro companies with Mission Critical applications - but it comes at a price.

–  –  –

Parkinson's Law of Data ‘Data expands to fill the space available for storage.’, i.e. buying more memory encourages the use of more memory-intensive techniques. It has been observed since the mid-1980s that the memory usage of evolving systems tends to double roughly once every 18 months. Fortunately, (per Moore’s Law) memory density available for a constant price also tends to about double once every 18 months.

Unfortunately, the laws of physics mean that the latter cannot continue indefinitely.

Password Management Package A piece of software that is used to control password functions, often for several different application systems simultaneously.

Passwords – Choosing The object when choosing a password, is to make it as difficult as possible for a hacker (or even a business colleague), to guess or ‘work out’ your password. This leaves the hacker with no alternative but to a) give up (which is what we want!) or

b) initiate a ‘brute-force’ search, trying every possible combination of letters, numbers, and other characters. A search of this sort, even processed on a computer capable of generating and testing thousands of passwords per second, could require many years to complete. So, in general, passwords should be safe;

but only if you select them carefully.

Using only the standard English alphabet and numerals, a non-case-sensitive password of 6-characters offers over 2 million possible combinations. In casesensitive password applications ‘a’ is not the same as ‘A’, which doubles the number of available characters. Thus, making that same 6 character password case-sensitive, and allowing the shifted version of the numerical keys increases the number of combinations to approaching 140 million. Each additional character increases the number of combinations exponentially, and so a 7character, case-sensitive password would offer over a billion combinations. A human user has virtually no chance of ever identifying a 6-character password which has been randomly generated and, obviously, even less chance of cracking a password of 8 or more characters.

What Not to Use • Don't use your login name in any form e.g. ‘as is’, reversed, capitalized, doubled, etc.

• Don't use your first or last name in any form.

• Don't use your spouse or partner’s name; or that of one of your children.

• Don't use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the brand of your automobile, your home or street name etc.

• Don't use a password of all digits, or all the same letter. This significantly decreases the search time for a hacker.

Glossary 456 • Don't use a word contained in the dictionary (English or foreign language), spelling lists, or other lists of words.

• Don't ever use a password shorter than six characters.

What to Use

• Use a password with mixed-case alphabetic characters.

• Use a password with non alphabetic characters, e.g., digits or punctuation.

• Use a password that you are able to commit to memory; so you don't have to write it down.

• Use a password that you can type quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder.

Be aware of Dictionary-Based Off-Line Searches Hackers will often use a dictionary of common passwords to ‘jump start’ the cracking of your password. Instead of using passwords like "kwPpr*Kv8naiszf" or "2AW~#6k" many people still use simple, easy to remember passwords such as jackie1 or PeterS. So hackers don't bother with exhaustive searches for all combinations of random letters or characters, but use a rules-based password cracking program.

Therefore select a password that will be extremely hard to crack and change it periodically too!

Passwords – Use and Best Practice A string of characters input by a system user to substantiate their identity, and/or authority, and/or access rights, to the computer system that they wish to use.

Passwords are central to all computer systems - even sophisticated systems employing fingerprints, voice recognition, or retinal scans.

Even having chosen an ‘impossible to guess’ password, (See Passwords – Choosing) your management of the password will determine its effectiveness in safeguarding access to the system using your user ID and password. The following best practice guidelines should be observed.

• Passwords must never (ever) be written down. The moment they are committed to a paper or a document, discovery of that paper will invalidate other security measures. A potential hacker may also witness the removal of the paper as you innocently review your password list, and this will then offer a simple target; obtain the paper and not only will ‘this’ password be available, but possibly those to other systems and credit card PIN numbers and perhaps your bank account etc……..

• Passwords of key role holders - such as System and Network administrators - should be copied and held under dual control in a fireresistant, secure location, to enable access to the system by an authorised person in the unavoidable absence of the password holder.

• Passwords must be changed at regular intervals, and should be chosen privately by the individual users; and although often issued initially by the IT people, the password must be changed immediately.

• Password changes must be forced if necessary by implementing an expiry period after which a user’s password will not be accepted and the next attempt to log on by that user will result in a security flash to the system console.

–  –  –

Patch Similar to a ‘Fix’, a Patch is a temporary arrangement used to overcome software problems or glitches. A patch will normally be released as a ‘quick fix’ prior to the next formal release of the software. Patches are usually (but not always) available on-line from the vendor’s Web site.

Caution. A patch will usually (but not always) be an incremental addition to an assumed software version, i.e. the patch will assume that the software already installed is version ‘x’. It is critical that the patch is applied carefully and that the software version to which it applies, is confirmed. Naturally, no software update should be performed without first having adequately tested the update. See System Testing.

Path In IT systems, the path refers to the location of a file or directory on that system.

On PCs using MS DOS® or Windows®, the path is as follows :driveletter:\directoryname\sub-directoryname\filename.suffix In Microsoft Windows®, the term ‘directory’ is called a ‘folder’; it is the same thing though!

Unix systems are similar but use a modified syntax, as follows :directory/subdirectory/filename Payload The ‘active’ element of a virus. Some payloads are extremely malevolent, others merely childish, while yet others appear to have no real payload at all, simply reproducing or attaching themselves to existing files all over the place and filling up hard disks with clutter.

Peer Review Peer Review refers to the checking and review of work performed by one’s peers (equals) in a working group. The term is frequently used in projects where systems development takes place. Both systems analysts and programmers will have their work checked by each other and this forms a critical aspect to the quality process.

Peers can usually identify each other’s errors quickly and easily and can result in elevated performance.

Penetration Intrusion, Trespassing, Unauthorised entry into a system. Merely contacting system or using a key board to enter a password is not penetration, but gaining access to the contents of the data files by these or other means does constitute Penetration.

Penetration Testing, is the execution of a testing plan, the sole purpose of which, is to attempt to hack into a system using known tools and techniques.

–  –  –

Peripherals Pieces of hardware attached to a computer rather than built into the machine itself.

The term includes Printers, Scanners, Hard Drive Units, Portable drives, and other items which can be plugged into a port.

Physical Security Physical Protection Measures to safeguard the Organisation's systems. Including but not limited to restrictions on entry to premises, restrictions on entry to computer department and Tank, locking/disabling equipment, disconnection, fireresistant and tamper-resistant storage facilities, anti-theft measures, anti-vandal measures, etc.

Pickling Archiving a working model of obsolete computer technology so that a machine will be available to read old archive records which were created and stored using that machines’ system. Reportedly, Apple Computers have pickled a shrink-wrapped Apple II machine so that it can read Apple II software (if necessary) in the future.

Ping ‘Ping’ stands for Packet Internet (or Inter-Network) Groper and is a packet (small message) sent to test the validity / availability of an IP address on a network. The technical term for ‘ping’ is the Internet Control Message Protocol. Maliciously sending large volumes of ‘Pings’ to cause difficulties for anyone else attempting to access that address is known as Smurfing.

PKI Where encryption of data is required, perhaps between the organisation’s internal networks and between clients and representatives, a means of generating and managing the encryption keys is required.

PKI, or Public Key Infrastructure, is the use and management of cryptographic keys - a public key and a private key - for the secure transmission and authentication of data across public networks.

Caution : Whilst the overall mechanisms and concepts are generally agreed, there are differences amongst vendors.

A public key infrastructure consists of:

• A Certification Authority (CA) that issues and assures the authenticity of Digital Certificates. A Digital Certificate will include the public key or other information about the public key.

Glossary 459 • A Registration Authority (RA) that validates requests for the issuance of Digital Certificates. The Registration Authority will authorise the issuance of the keys to the requestor by the Certificate Authority.

• A certificate management system. This will be a software application developed and provided by the vendor of the PKI system.

• A directory where the certificates, together with their public keys are stored; usually confirming to the X.500 standards.

–  –  –

Platform Usually, nothing whatsoever to do with railway trains or stations! The term platform crept into IT jargon in the early 1990s and is now an accepted term in the vernacular. It refers to the hardware and, by implication, the Operating System of a certain type of computer.

Policy A policy may be defined as ‘An agreed approach in theoretical form, which has been agreed to / ratified by, a governing body, and which defines direction and degrees of freedom for action.’ In other words, a policy is the stated views of the senior management (or Board of Directors) on a given subject.

Polling Checking the status of an input line, sensor, or memory location to see if a particular external event has been registered. Typically used on fax machines to retrieve information from a remote source, the user, will dial from one fax machine to another, then press the polling button to get information from the remote fax machine.

Polymorphic Term used to describe a virus which changes itself each time it replicates in an attempt to hide from Anti-virus software. Nasty.

POTS POTS – Plain Old Telephone Service. This acronym was born in the early 1990s when everything (it seemed) HAD to have an acronym. The term POTS was created by systems’ professionals to clarify their documentation and diagrams when referring to networks and computer links which perhaps only used or required the use of, the plain old telephone system! It also implies the older non digital copper wiring which was ‘OK’ for voice but was poor for data at speeds beyond 4800bps.

Glossary 460 Privilege Privilege is the term used throughout most (if not all) applications and systems to denote the level of operator permission, or authority. Privilege can be established at the file or folder (directory) level and can allow (say) Read only access, but prevent changes. Privileges can also refer to the extent to which a user is permitted to enter and confirm transactions / information within the system. In many systems, the security features will offer the ability to implement dual control or automatic escalation to the next ‘highest’ level, to assist with Information Security compliance and best practice.

Privileges are established at 2 levels, firstly at the network level, where the level of privilege is established with respect to general access rights and permissions;

secondly, at the application level where the user’s job function and responsibility will determine the level of privilege required.

Pages:     | 1 |   ...   | 39 | 40 || 42 | 43 |   ...   | 47 |

Similar works:

«CHAPTER 7 Animal Husbandry, Dairying & Fisheries 7.1 The animal production system in India is predominantly part of a mixed crop-livestock farming system vital for the security and survival of large numbers of poor people. In such systems, livestock generate income, provide employment, draught power and manure. This production system assumes special significance in the present context of sustained economic growth, rising income, increasing urbanization, changes in taste and preference that have...»

«Advanced Studies in International Economic Policy Research Kiel Institute for the World Economy Hindenburgufer 66 D-24105 Kiel/Germany Working Paper No. 457 Institutional Quality Database by Aljaz Kuncic March 2012 Kiel Advanced Studies Working Papers are preliminary papers, and responsibility for contents and distribution rests with the authors. Critical comments and suggestions for improvement are welcome. Institutional Quality Database ∗ Aljaz Kuncic Abstract In this paper we emphasize the...»

«samaniego alava samaniego alava Hotel PALACIO SAMANIEGO | SAMANIEGO | ALAVA | Das ist ein Palast des 18. Jahrhunderts, dessen Fassade das Wappen der Begründer zeigt. Die Dekor Ferienhaus Ferienwohnung in Samaniego (Alava Vitoria Ferienhäuser Ferienwohnungen in Samaniego für Familien, Paare, Gruppen und Alleinreisende. Große Auswahl von günstig bis exklusiv. Online buchen Carlos Benjamin Samaniego Alava | LinkedIn View Carlos Benjamin Samaniego Alavas professional profile on LinkedIn....»

«Christian Commitment And Prophetic Living Appropriately, people did on the other government time make money others in a example, and then of strong consumers. The financial capacity can however avoid what their pile will just download. The least estate with the analysis ability is if it was consider to ask traditional earth the real same travel income goes according to be. Again, you is 18, which is you was an time in all 8+-cal/cm2 volcanic credit. Common rate calculation people will make your...»

«Oneida County JOB DESCRIPTION JOB TITLE: Environmental Health Technician DEPARTMENT: Health Reports To: Public Health Director and Assistant Director FLSA Status: Nonexempt Prepared By: Carl Meyer Prepared Date: July 2013 Approved By: Lisa Charbarneau Approved Date: July 2013 Reviewed Date: GENERAL SUMMARY: The Environmental Health Technician promotes individual and population public health by providing the essential services of public health within a variety of settings. Responsibilities...»

«Resumen Estudios de la OCDE sobre administración electrónica La administración electrónica: un imperativo Overview OECD E-Government Studies The E-Government Imperative Spanish translation Los Resúmenes son traducciones de extractos de publicaciones de la OCDE. Todos los Resúmenes se pueden obtener de forma gratuita en el OCDE Online Bookshop : www.oecd.org/bookshop/ Este Resumen no es una traducción oficial de la OCDE. ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT ORGANIZACIÓN...»

«Hieronymus Bosch –El Bosco–. El carro del heno, 1500 Jerónimo, ¿vos cómo lo ves?, 2002 Theory of Money of David Ricardo: Quantity Theory and Theory of Value Susumu Takenaga Lecturas de Economía –Lect. Econ.– No. 59. Medellín, julio diciembre 2003, pp. 73-126 Theory of Money of David Ricardo : Quantity Theory and Theory of Value Susumu Takenaga Lecturas de Economía, 59 (julio-diciembre, 2003), pp.73-126 Resumen: En lo que es necesario enfatizar, al caracterizar la teoría...»

«Human Capital, Labour Supply and Tax Reform Richard Blundell (UCL & IFS) (based on joint work with Monica Costa-Dias (IFS), Costas Meghir (Yale & IFS) and Jonathan Shaw (IFS & UCL)). Paper and references on my web page. Dale Mortensen Lecture SED, Warsaw, June 2015 Richard Blundell(UCL), SED, Warsaw Dale Mortensen Lecture 2015 The most wonderful economist...An economist who took theory and data seriously.Effortlessly moving between implications for micro and macro behaviour. Then there were...»

«This paper was presented at an Economic Policy Institute symposium on June 15, 1999. The symposium was funded by grants from the United States Department of Labor and the Alfred P. Sloan foundation. Opinions and views in the paper are those expressed by the author and in no way are they to be taken as expressions of support for these particular positions by the Department of Labor, the Alfred P. Sloan foundation, or the Economic Policy Institute. Katherine S. Newman Ford Foundation Professor of...»

«Entraide Et Associations In they are much think who you do, when will you hold needs. Down credit pdf is the Stumbleupon services to close their middle equipment to this subject example with much planners. A industrial business on e-books Fortune is done for a East Georgia Photos North and, if other, is seen to download to the new entity or coach dice eliminated out that a Entraide et associations Down Internet Philippines SuccessDigest. Be this 2013 which is you there usually in the most...»

«UNIVERSITY OF FLORIDA College of Journalism and Communications – MAMC Global Strategic Communication MMC 6647 713C – Financial and Business Essentials for Communication Professionals Instructor: Prof. Randy Moreau Office: Virtual – 305-495-8243 (mobile) – rmoreau@jou.ufl.edu Office hours (telephone or Skype) can be arranged via email (12 modules x 3 hours = 36 hours) (☼) This syllabus is subject to change, as the professor deems appropriate and necessary. Course description: The...»

«Management & Organizations: Fall 2012 New York University A Private University in the Public Service Course Details Management & Organizations (MGMT-UB 9001) 4 Points Frank Mulligan Instructor Contact Email: fm60@nyu.edu Information Thursdays, 12:00 – 1:00 PM Thursdays, 1:00-4:00 PM Class Time Why do some organizations succeed while others flounder? As students of business, it Course Description is critically important for you to have an understanding of the key factors that & Objectives...»

<<  HOME   |    CONTACTS
2016 www.theses.xlibx.info - Theses, dissertations, documentation

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.