WWW.THESES.XLIBX.INFO
FREE ELECTRONIC LIBRARY - Theses, dissertations, documentation
 
<< HOME
CONTACTS



Pages:     | 1 |   ...   | 42 | 43 || 45 | 46 |   ...   | 47 |

«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

-- [ Page 44 ] --

The other use of sniffers is by connecting to the Internet then capturing data; such data can include user names and passwords. However, crackers who deploy sniffers usually target sniffers at a strategic position e.g. at the gateway between the target system and another network; through this gateway will pass all the login names and passwords. Having said that, most modern systems will ensure that Glossary 474 the username and password is encrypted prior to transmission such that the sniffer will not yield such information ‘on a plate’.

Social Engineering Social engineering is a means by which information is extracted, usually verbally, by someone impersonating a legitimate holder or user of the information in question. Social engineering will often take place over the telephone; here are some examples : A ‘senior member of staff’ calls the IT support desk in a ‘great hurry’ and has forgotten their password (and they need it now!)

• A ‘secretary’ calls to inform that their superior needs to access some information urgently but has forgotten the ‘new’ password.

• A ‘telephone engineer’ calls to request details of the access number to the computer system as they have received a fault log and they need to ‘test it’.

• In response to a request from a ‘colleague’ to speak to Ms X, they are advised that she is away for 3 days on business. To the caller, this knowledge is indicative that Ms X’s logon account to the system is unlikely to be used during this period.

Soft Copy A document created and saved on computer media rather than paper. The transmission of ‘soft copy’ files between parties is now common place; especially since a de-facto standard has emerged for desktop tools such as Word Processor and Spread Sheet.

–  –  –

Software Inventory Master Software Inventory - A detailed list of all software licensed to the organisation, showing, amongst other things:- Licence number, program name, version/release number, cost, location(s), user(s), and asset reference number (if appropriate).

Unit Software Inventory - an equally detailed list of hardware in order of machine and user(s). This sheet may be used for Audit checks to confirm that any given user machine still has the software detailed and no unauthorised additions, removals, or modifications have been made.

Glossary 475 Software Licensing The use of unlicensed software is illegal, and whilst the majority of organisations would not condone it, the vast majority are believed to be using unlicensed software to some extent. In many cases, software piracy occurs unintentionally; for example a genuinely licensed program is copied for use on multiple workstations.

It is common practice for software vendors to permit customers to ‘try before they buy’. In this case, they offer the software as ‘shareware’ and propose a trial of say, 30 days. At the expiration of the 30 day period, and depending upon the ingenuity of the developer, the software can refuse to load without the input of a valid licence key; or it can continue to run as normal or can require the continue depression of a button to signify your understanding of the terms of the licence.

Unlicensed software is major threat to an organisation’s Information Security because, not only does this jeopardize the legal position, it also threatens the data held on such systems as no support will be provided.

The End User License Agreement – EULA is normally seen during the install process of the software.

Software Release Since the early 1980s when the micro computer was (commercially) born, software packages have followed a standard release convention. A full release is a full digit, and a minor release is a decimal. For example Microsoft Windows® version 3.1.

In general, the bigger the number, the longer the product has been used, and hence the more stable it is likely to be. This is not always the case and you should be cautious of new ‘dot zero’ releases, e.g. 2.0 as it could still be brand new code;

and potentially untested.

Software Support / Maintenance Contract Licences for business systems, especially the larger and more expensive ones, will usually be priced such that an annual support and maintenance agreement is incorporated, in additional to the software license agreement.

The price of such contracts will vary, but it is not unusual to see an annual figure of between 15% - 20% of the original software license fee. The support contract should offer a level of support in response to problems and issues, and specify precisely how such responses will be dealt with. Where such response is seen as critical to your organisation’s business operation, you should consider a separate Service Level Agreement, in which specific metrics will be incorporated.

The ‘maintenance’ side of the agreement should specify the nature of such maintenance. For example it might specify that “clients will receive a minimum of two maintenance releases per annum which will include general software fixes together with general enhancements”. To prevent expectation mismatch, it is suggested that you speak to a current customer of the system, who has some experience of the vendor’s support and maintenance contract. Where this is not possible, seek tangible evidence of that which has been delivered over (say) the previous year.





Software Version Control Although not a global standard per se, software developers have a generally agreed code of practice with regard to software versioning. In general, the version number will be identified by two or three digits e.g. (version) 1.2.1 This example indicates that the software is in its first major release, its second point release and its first mini release or patch.

Be wary of software in its ‘1.0’ release as this suggests that the software is new and may not have undergone thorough testing and subsequent update. Be Glossary 476 cautious when using any software in its 1.0 release; even those from the largest names in the software industry!

Source Code The actual program - as written by the programmer - which is compiled into machine code (object code) which the computer can understand. Source code is the intellectual property of the developer(s) and for many years commercial source code was never released to users, only licensed for use. Possession of Source Code is essential if a organisation is to maintain and/or modify the software without being reliant upon the original developer. There are now Escrow provisions in the agreements for major developments to protect users in the case of a developer/supplier ceasing to trade.

Spam Derived from the Monty Python song ‘Spam Spam Spam Spam’, with seemingly endless repetition! Computer Spam is the electronic equivalent of Junk Mail.

Companies and individuals who specialised previously in Mail Shots through the postal system have turned to Spam as a means of delivering (usually) worthless messages at a fraction of the cost of ‘Snail Mail’. Given the huge databases now held on computers around the world, ‘Spammers’ can send literally hundreds of thousands of messages for a few pence, or cents. Some companies consider this to be a ‘better’ use of their marketing budgets than the traditional routes.

Spam is also a feature of Usenet, where individuals, who need to get out more, post lengthy and irrelevant messages to dozens, if not hundreds, of groups at a time, attracting considerable irritation, generating significant amounts of angry message transmissions, and sometimes starting a Flame War.

–  –  –

Spot Check The term ‘spot check’ or ‘snap check’ comes from the need to validate compliance with procedures by performing impromptu checks on vouchers, records and other files which capture the organisation’s day to day activities.

Stability Because software can contain multiple bugs (or features!), a sought after characteristic is ‘stability’. An operating system (e.g. Windows® NT or Sun Solaris) being described as stable, signifies that it may be used, as intended, without crashing, freezing or displaying other adverse characteristics.

Selecting an operating system for your primary systems, where reliability is essential, will require a stable environment. Hence the reason why most corporates will retain older versions of systems software to ‘allow the bugs to be ironed out’ before they migrate to the newer version. Even then, they will often consciously remain at least a ‘point release’ behind; valuing stability and reliability above all else.

–  –  –

Stealth Bomb A stealth bomb is a piece of malicious code that is disguised as something else. It may be received as a ‘normal’ e-mail, or perhaps as an amusing screen saver.

Stealth bombs deliver their ‘payload’ surreptitiously and the results can be both damaging to your system and also highly embarrassing.

See Malicious Code for more detailed information.

Steganography Steganography is the technique whereby a message, possibly encrypted, is concealed within another medium. In the world of computing, this means that a seemingly innocuous graphic or sound file (say) can conceal a message which could be used to disguise corporate espionage.

Stress Testing Stress Testing is a form of testing which purposely attempts to identify the weakest link of a system. Stress testing will seek to verify that, following any abnormal conditions, the system can revert quickly to normal operation. Such conditions might include : data processing immediately after system downtime, after a network failure, or during peak activity periods.

Stripping Deliberately deleting files, records, or data, from a system. This can be an authorised activity when, for example, duplicate files are identified and removed from the system to reclaim the disk storage space they occupy. More often, however, stripping is associated with the removal of records which evidence some fraudulent or other criminal activity. It is not unusual for Auditors, or Law Enforcement officers to find that the records they need for their investigations are not there.

Deleted records can be recovered if the storage media is secured quickly enough, but a skilled stripper can usually remove all trace of them before such action can be taken. The only recourse then is to backup files where (hopefully) copies can be obtained.

Structured Query Language – SQL Structured Query Language or SQL (pronounced ‘S’ ‘Q’ ‘L’ or ‘Seekwul’) is a type of programming language used to interact with a database. The language is used to both update and issue queries to the database. A query is a request for information based upon specific criteria e.g. ‘output all our clients with a sales turnover of more than $x sorted by region’.

–  –  –

Suite A collection of applications, each of which can stand alone, but which have been designed to work together. The most common example is the ‘Office Suite’ which will include, normally, a Word Processor, a Spreadsheet, a Presentation application, a Personal Organiser / Scheduler, probably an e-mail program, and, in some versions, a database application. The objective of the developer is clearly to try and lock in users to a particular set of programs rather than selecting separate appellations from different suppliers.

Super Computer An extremely powerful, incredibly fast, and unbelievably expensive computer, such as the types associated with Cray, and up-scale IBM installations. Rarely seen in a business/commercial environment such machinery is usually the province of meteorologists, and research scientists.

Super User The term ‘Super User’, is one that denoted the highest level of user privilege and can allow unlimited access to a system’s file and set-up. Usually, Super User is the highest level of privilege for applications, as opposed to operating or network systems. Notwithstanding the possible semantics, the use of Super User should be under dual control as such a user could, if they so wished, destroy the organisation’s systems maliciously or simply by accident; neither is acceptable!

Suppression A technique used by criminals such as Salami Slicers to prevent particular records, accounts, etc being seen. Suppression code will stop a file being displayed on a screen, and will not include the item when a printed report is called.

Very difficult to spot, especially since the total figure at the bottom of the report will be correct. The only way to prove that it is happening is to call for a list of all accounts, calculate, manually, the sum of the figures shown and compare that result with the claimed total. It is very unlikely that such a procedure would be carried out unless there were already grounds for suspicion, but some Audit teams do follow such a practice for a random selection of ledgers, if only to justify their fee.

–  –  –

System Administrator Individual(s) who are responsible for running/operating a system on a day-to-day basis. In smaller installations, this task may well include the Network Administrator functions, but should not include any Security administration responsibilities.

System of Record A system of record is an information storage system (likely to be a computer system) which is the data source, for a given data element or piece information.

The need to identify the Systems of Record can become acute in large organisations, where Management Information (or MIS) systems have been built by taking copies of output data from multiple (source) systems, re-processing the data and then re-presenting it for their own business uses.

Where the Integrity of the data (element) is vital, it must either be extracted directly from its System of Record or be linked directly to its System of Record. Where there is no direct link with the System of Record, the integrity, and hence validity, of the data is open to question.

System Requirements A business, or other need, that must be satisfied by a computer system, and which therefore must be recognised when a system is being developed. Refer to Functional Requirement Specification.

System Software System software is the general term used to describe the many software programs, drivers and utilities which, together enable a computer system to operate. One of the main components of system software is the operating system of the computer e.g. Microsoft Windows® 2000 Professional.



Pages:     | 1 |   ...   | 42 | 43 || 45 | 46 |   ...   | 47 |


Similar works:

«Capítulo 1 Identificación de riesgos empresariales Antecedentes El interés por identificar los riesgos ha existido desde la antigüedad, fruto de la necesidad de prevenir eventos desfavorables para el bienestar de la humanidad. Acudir a oráculos para predecir los hechos, leer cartas como el tarot o la llamada carta astral, pedir consejo a expertos, consultar información, estar atentos a las noticias locales e internacionales, moni­ torear las acciones de la competencia y los gustos de los...»

«Policy booklet Car Insurance WELCOME TO AA INSURANCE SERVICES A warm welcome and thank you for choosing to insure your car through us. Our aim at AA Insurance Services is to combine value for money with peace of mind, making Car Insurance as straightforward as possible. Your policy booklet, Statement of Insurance and Certificate of Insurance (including any Endorsements) include everything you need to know about your Car Insurance cover. Alternatively, you can always contact our experienced...»

«Bienes comunes, nuevos cercamientos y economía política popular1 Bru LAÍN ESCANDELL Universitat de Barcelona bru.lain@ub.edu Recibido: 29-05-2014 Aceptado: 18-02-2015 Resumen Este artículo discute la creciente importancia que están adoptando los llamados bienes comunes  en el ámbito de la creación cultural. Para ello se discuten críticamente dos importantes analogías que han emergido en los últimos años: la primera, entre los bienes comunes naturales  y los digitales  y la...»

«TENNESSEE BUSINESS ENTERPRISES OPERATIONS MANUAL TABLE OF CONTENTS 1.0 PURPOSE 1.1 Mission 1.2 Focus Statement 1.3 Objectives 2.0 LEGAL AUTHORITY 2.1 Designation as State Licensing Agency 2.2 Federal Law 2.3 State Law 2.4 Rules and Regulations 2.5 Operations Manual 3.0 POLICY OF NON-DISCRIMINATION 3.1 Administration of Tennessee Business Enterprises 3.2 Management of Vending Facilities 4.0 ADMINISTRATIVE ORGANIZATION 4.1 Structure 5.0 AGENCY PERSONNEL OBLIGATIONS AND RESPONSIBILITIES 5.1 TBE...»

«¿ ECONOMETRIA O IDEOLOGIA EN ECUACIONES ? por Michel Husson1 La teoría dominante del desempleo es de una simplicidad bíblica: el desempleo es el resultado de una distorsión de precios. El precio del trabajo es demasiado elevado en relación a su productividad e induce a los empleadores a comprar esta mercancía; pero, por otro lado, es demasiado bajo en relación a los ingresos sociales de reemplazo, lo que casi no incita a los desocupados a vender esta mercancía. Como científicos, la...»

«GOVERNMENT OF KENYA MINISTRY OF STATE FOR SPECIAL PROGRAMMES OFFICE OF THE PRESIDENT NATIONAL POLICY FOR DISASTER MANAGEMENT IN KENYA MARCH, 2009 LIST OF ABBREVIATIONS ASAL Arid and Semi Arid Lands AU Africa Union CBD Convention on Biological Diversity CBOs Community Based Organizations CEWARN Conflict Early Warning and Response Network CSOs Civil Society Organisations DM Disaster Management DRR Disaster Risk Reduction ECOWAS Economic Community of West African States EWS Early Warning System...»

«South Wonston Parish Council South Wonston Village Design Statement September 2013 South Wonston Parish Council Table of Contents 1. Introduction 2. Acknowledgements 3. A Brief History of the Parish – GDG 1 4. The Parish Environment a) Landscape Setting and Open Views GDG 2 b) Conservation and Biodiversity GDG 3 c) Employment and Business in South Wonston GDG4 d) Highways and Traffic i) Road Size and Character in South Wonston ii) Getting About Without a Car: Public Transport, Cycleways,...»

«International Journal of Advanced Academic Research | Social & Management Sciences | ISSN: 2488-9849 Vol. 2, Issue 7 (July 2016) EFFECT OF TAX PLANNING ON FINANCIAL PERFORMANCE OF MANUFACTURING COMPANIES (CONSUMER GOODS SECTOR) IN NIGERIA OGUNDAJO, GRACE O. Department of Accounting, Babcock University, Ilishan-Remo, Ogun State, Nigeria. goyen01@yahoo.com, +2347065263796 ONAKOYA, ADEGBEMI Department of Economics, Babcock University, Ilishan-Remo, Ogun State, Nigeria. adegbemionakoya@yahoo.com,...»

«State of Nevada Department of Business and Industry Division of Industrial Relations WORKERS’ COMPENSATION SECTION Employee Leasing Company (PEO) Registration Application Completion of this Registration Application Form will enable the Division of Industrial Relations (DIR) to provide you with a Certificate of Registration. Please complete all areas. Registration Certificate will expire one year after date of issuance unless renewed before that date. Renewal is incumbent upon the certificate...»

«The Economics of Profit in California Dairies Luis A. Rodriguez1, Greg Bethard, and Michael McGilliard Zinpro Performance Minerals, G & R Dairy Consulting and Virginia Tech Correspondence author: lrodriguez@zinpro.com INTRODUCTION Milk price volatility has increased tremendously over the last 12 years in the dairy industry with milk price peaking every 3 years (Figure 1). There have been also major changes in the grain markets. Grains and grain by-products have risen in price, mostly due to...»

«THIRTY-NINTH CONFERENCE SOME ECONOMIC ASPECTS OF MECHANICAL CANE HARVESTING IN QUEENSLAND By E. H. CHURCHWARD and R. M. BELCHER Without doubt, the most significant event of the past decade for the Australian raw sugar industry has been its emergence on the world scene as a major exporter to free market destinations. Events of the next few years appear likely to extend the industry's dependence on these extremely competitive outlets. The extent to which high quality raws may be produced at low...»

«Security Metrics Guide for NIST Special Publication 800-55 Information Technology Systems Marianne Swanson, Nadya Bartol, John Sabato, Joan Hash, and Laurie Graffo COMPUTER SECURITY Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8933 July 2003 INITIAL PUBLIC DRAFT U.S. Department of Commerce Donald L. Evans, Secretary Technology Administration Phillip J. Bond, Under Secretary of Commerce for Technology National...»





 
<<  HOME   |    CONTACTS
2016 www.theses.xlibx.info - Theses, dissertations, documentation

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.