
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


Scope Creep Scope Creep is the expression used by project managers and/or vendors who are under pressure to constantly deliver in excess of what was originally agreed.

Scope creep normally results from a failure to establish the clear requirements of the business users. As these begin to solidify the scope of the original plan can start to move – and continue to move. If the project manager is not alert to this (all too common) phenomenon, the requirements will constantly change thus ensuring

–  –  –

Screamer A VERY fast PC. Currently, to qualify as a ‘Screamer’ a PC must have at least a 1.5 GHz processor and probably well in excess of a 30GB hard disk with a minimum of 256MB RAM; and as for the graphics card (oh, boy!).

–  –  –

Screen Grab Taking a ‘snapshot’ of a computer screen to be used in a document. Most screen grabbing is legitimate and is a useful device for documents such as guides and instruction manuals where the reader can see exactly what is meant by the text, rather than trying to imagine it. Some screen grabs are less innocent and have been used to obtain information from files which can be displayed but not copied or printed.

Screen Savers Screen savers, once created to save the screen from premature CRT burn out, are now used as a means of both protecting the screen and also for preventing casual shoulder surfing! Screen savers do have a useful and valid Information Security role. Used correctly, they will cut-in, blank the screen from view and require a user or network Administrator password to regain access. Provided the screen saver is set to trigger after (say) 2 minutes of inactivity, and upon user request, it can provide a useful and effective means of diverting casual / opportunistic incidents.

Screen Scraping Screen scraping is a technique used to interface (or link together) one system with another, by means of emulating User (screen) interaction. Screen scraping ‘maps’ the location of the various screens and the input boxes (fields) for the information.

Screen scraping will then emulate the input of an (electronic) User using the system at a terminal. This technique is not the preferred means of interfacing systems as it is slow and rather crude. However, it remains a viable means where other interface options are not easy or viable.

–  –  –

Scripts In a programming context, Scripts are programs written in a type of programming language which is run, or executed, by another program. For example, JavaScript is run by the Web browser which is running on the user’s PC.

In the context of System Testing and User Acceptance Testing, scripts are used as the pre-determined input data to test the system. Scripts should not only state the precise data to be input, but also the expected response from the system. As User Acceptance Testing proceeds, the results from running the scripts will be recorded, as will the overall system conditions at the time to allow developers to more easily debug errors.

Scripts can take the form of input data sheets for manual input, or can be a series of files, the processing of which simulates the generation of transactions across the network to the system. This latter approach can allow for significant volumes to be processed. However, it is essential to proceed carefully as errors can so easily compound making analysis a nightmare!

Second Site A contingency arrangement whereby the organisation maintains a second computer centre, geographically remote from the primary system, but capable of taking over all processing and system functionality should the primary system fail.

Secure Area (on a system) Where an unknown file – e.g. one downloaded from the Internet – is to be opened (and this is especially true for any executable file, i.e. a .exe file (a program)), it must not be opened or executed in the normal filing space for your live systems.

A Secure Area – sometimes referred to as a ‘Sand Pit’ – is an area on a system which is totally shielded and / or isolated, from the potential impact of any code which is executed there. Whilst the isolation of the system is a clear requirement, scanning software which is able to detect malicious code activity must also be used, as Trojan code activity may go undetected.

Security Administrator Individual(s) who are responsible for all security aspects of a system on a day-to-day basis. The security administrator should be independent of both development and operations staff and often holds the highest power password on the system in order that the most sensitive activities can only be undertaken with a combination of both System Administrator and Security Administrator top-level passwords.

Security Breach A breach of security is where a stated organisational policy or legal requirement regarding Information Security has been contravened. However, every incident which suggests that the Confidentiality, Integrity and Availability of the information has been inappropriately changed can be considered a Security Incident. Every Security Breach will always be initiated via a Security Incident; only if confirmed does it become a security breach.

Security for Electronic Transactions – SET SET was originally supported by companies such as MasterCard, VISA, Microsoft and Netscape and provides a means for enabling secure transactions between purchaser, merchant (vendor) and bank. The system is based upon the use of an electronic wallet which carries details of the credit card, the owner and, critically, a Digital Certificate. To provide end-to-end encryption and authentication, the SSL standard is used between the parties, thus ensuring digital trust between each leg of the transaction.





–  –  –

Security Officer The Security Officer in an organisation is the person who takes primary responsibility for the security related affairs of the organisation. It matters not whether the organisation comprises two persons or two thousand; someone should be the named individual who becomes accountable for the Information Security of the organisation.

SED Smoke Emitting Diode (from Light Emitting Diode). A component which has allowed the magic smoke to get out.

Segregation of Duties A method of working whereby tasks are apportioned between different members of staff in order to reduce the scope for error and fraud. For example, users who create data are not permitted to authorise processing; Systems Development staff are not allowed to be involved with live operations.

This approach will not eliminate collusion between members of staff in different areas, but is a deterrent. In addition, the segregation of duties provides a safeguard to your staff and contractors against the possibility of unintentional damage through accident or incompetence – ‘what they are not able to do (on the system) they cannot be blamed for’.

Serial Processing Literally doing one thing after another. Generally Serial Processing is meant to indicate that one computer job must be completed before the next can begin and a queuing system is used, coupled with priority flags to indicate when a particular job request will be processed.

The most common example of serial processing is printing - especially when shared by several users.

Server Typically a dual (or better) processor computer which supplies (serves) a network of less powerful machines such as desktop PCs, with applications, data, messaging, communications, information, etc. The term is replacing ‘host’ in many situations since the processing power of a desktop server is such that one machine is sufficient to run the computing requirements of a complete organisation.

Service Level Agreement – SLA A Service Level Agreement (SLA) is a contract between your organisation and the vendor of your system(s) to provide a range of support services, up to an agreed minimum standard. SLAs will usually specify precisely what the support procedures are to be and the way in which a support call will be escalated through the vendor’s support organisation to achieve resolution.

SLAs should always have a maximum response time. In other words, from the moment the call is logged with the vendor, the SLA should specify the response time until either an engineer arrives on site or perhaps a member of technical support calls back.

It is very important to discuss the details of the SLA with the vendor because, often, the only time when you will use it, is when you have suffered a breakdown or problem with your systems and it is then that you will need to depend upon the ‘fine print’ of the SLA.

Shareware Software supplied on a ‘try before you buy’ basis. Shareware is produced by software companies and independent programmers and supplied to users through a variety of channels including magazine cover disks, e-mail, mail order, Internet downloads, etc. The basic idea is that users will try out the software (which is sometimes, but not always crippled or limited in some way) and will like it so much that they will pay a relatively small registration fee to become an authorised user of the unrestricted program.

Shareware has been very successful and several software houses have established themselves as niche market leaders this way, but companies should exercise caution in the use of such material. Shareware from independent programmers has a reputation for being ‘buggy’, causing conflicts with other software already installed on the computer, or simply failing to perform as expected.

Companies with policies which permit the installation and use of such material should restrict it to stand-alone test or development machines where the software behaviour and the program’s claimed benefits can be examined fully before being installed as a registered version on live machines.

Sheep Dip Slang term for a computer which connects to a network only under strictly controlled conditions and is used for the purpose of running anti-virus checks on suspect files, incoming messages etc.

It may be inconvenient, and time-consuming, for an organisation to give all incoming E-mail attachments a ‘health check’ but the rapid spread of macro-viruses associated with word processor and spreadsheet documents, such as the ‘Resume’ virus circulating in May 2000, makes this approach worthwhile.

Shoulder Surfing Looking over a user’s shoulder as they enter a password. This is one of the easiest ways of obtaining a password to breach system security. The practice is not restricted to office computers; it is used wherever passwords, PINs, or other ID codes are used.

Could the person behind you at the bank ATM be a shoulder surfer?

Sign-Off The term ‘sign off’, as used in the world of systems means an agreement, as evidenced by the customer’s signature, that the system or project, meets the specified requirements. Much pressure will be brought to bear for users to sign-off

–  –  –

Sizing Sizing is an activity which is sometimes overlooked as today’s systems are usually so ‘powerful’ that formal sizing appears pointless. A sizing exercise analyses the demands to be placed upon a system, in terms of concurrent users, data types and quantity, storage requirements, expected response times, etc., and concludes the minimum specification for the system.

Slag As a verb: to run a destructive program which will render most or all of a computer system’s files, records, and data utterly useless.

As a noun: a description of what is left of a computer system after the slag code has been run.

Normally associated with IT staff, and Logic Bombs, Slag Code has, allegedly, been used by a Hacker to destroy a computer system. Slag Code has also been used to blackmail organisations such as banks into handing over significant sums in return for information as to the location of the code and deactivation procedures.

More recently, the term has acquired alternative meanings:

1. To bring a network to its knees by overloading it with data traffic.

2. To describe all the irrelevant and uninteresting material which has to be waded through on the Net while trying to reach the one piece of valuable information sought. This is also known as Bitslag.

Smart Card Smart cards look and feel like credit cards, but have one important difference: they have a ‘programmable’ micro-chip embedded. Their uses are extremely varied but, for Information Security, they are often used not only to authenticate the holder, but also to present the range of functions associated with that user’s profile.

Smart Cards will often have an associated PIN number or password to provide a further safeguard. The main benefits of using Smart Cards are that their allocation can be strictly controlled, they are hard to forge and are required to be physically inserted into a ‘reader’ to initiate the authentication process.

Smoke Emitting Diode An incorrectly connected diode, probably an LED, in the process of losing its Magic Smoke and becoming a Friode.

–  –  –

Smurf / Smurfing A smurf attack is one that is very technical and exploits features of the IP protocol within the TCP/IP protocol used for Internet communications.

A smurf attack causes a victim’s computer to become so completely ‘way laid’ with answering fictitious network requests (‘Pings’) that it grinds to a halt and prevents anyone else from logging on.

See Denial Of Service for further information.

Snail Mail Bits of dead tree sent via the postal service as opposed to electronic mail. One's postal address is, correspondingly, a ‘snail (mail) address’. The variant ‘paper-net’ is a hackish way of referring to the postal service, comparing it to a very slow, low-reliability network.

Sniffers A sniffer is a program which captures and analyses packets of data as they pass across a network. They are used by network administrators who wish to analyse loading across network segments, especially where they suspect that spurious packets are ‘bleeding’ from one network to another.


