Glossary: D
Data Custodians
Individuals who have been officially designated as being accountable for protecting the confidentiality of specific data that is transmitted, used, and stored on a system or systems within a department or administrative agency of the City.
Data / Information
In the area of Information Security, data (and the individual elements that comprise the data) is processed, formatted and re-presented so that it gains meaning and thereby becomes information. Information Security is concerned with the protection and safeguarding of that information which, in its various forms, can be identified as Business Assets or Information Assets. The terms data and information can be used somewhat interchangeably; but, as a general rule, information always comprises data, while data is not always information.
Data Encryption
Data encryption is a means of scrambling data so that it can only be read by the person(s) holding the 'key' - a password of some sort. Without the key, the cipher cannot be broken and the data remains secure. Using the key, the cipher is decrypted and the data is returned to its original value or state. Each time one wishes to encrypt data, a key from the 72,000,000,000,000,000 possible key variations is randomly generated and used to encrypt the data. The same key must be made known to the receiver if they are to decrypt the data.
Data Mining
Data Storage Device
A device that may or may not have intelligence that is connected to the City network via a network port, or by insertion into a computing device port that is connected to the network. These devices are generally used for data storage.
Database
A collection of files, tables, forms, reports, etc., held on computer media that have a predictable relationship with each other for indexing, updating, and retrieval purposes.
Database Administrator (DBA)
A 'DBA' is a highly technical person who has specialized in the development and maintenance of databases and database applications. The DBA is responsible for ensuring that all housekeeping routines are performed on the database, which may include designing and maintaining the structure and content of the (many) tables which together form the database, and the relationships between these tables. In addition, the DBA will usually be specialized in writing reports and querying the database, usually using Structured Query Language - or SQL.
Debug
To trace and fix faults (bugs) in computer software and, occasionally, hardware. The term derives from the same source as Bug.
Deciplegic
Mouse Potato suffering from Trigger Finger.
Decryption
The process by which encrypted data is restored to its original form in order to be understood/usable by another computer or person.
Default Password
The password installed by a manufacturer and required to access a computer system when it is initially delivered, or a password required by software (typically shareware) to prove that the user is registered with the software vendor. Default passwords are not normally encountered on new PCs and have become relatively rare, but, in cases where such a password has been installed, the new owner of the equipment should change it at the earliest opportunity to avoid it being known to third parties. There is a range of default passwords known to everyone, and these are the first ones tried by anyone hacking into, or merely attempting opportunistic access to, a system. Such passwords as 'password', '123456' and ' ' i.e. blank (nothing) must be changed immediately. If you have one of these or similar passwords, please change it now. RUSecure™ will still be here when you have finished!
Denial of Service
A Denial of Service (DoS) attack is an Internet attack against a Web site whereby a client is denied the level of service expected. In a mild case, the impact can be unexpectedly poor performance. In the worst case, the server can become so overloaded as to cause a crash of the system.
DoS attacks do not usually have theft or corruption of data as their primary motive and will often be executed by persons who have a grudge against the organization concerned. The following are the main types of DoS attack:
DES / AES
DES - the Data Encryption Standard - and AES - the Advanced Encryption Standard - are both data encryption standards for the scrambling of data to protect its confidentiality. DES was developed by IBM in co-operation with the American National Security Agency and published in 1974. It became extremely popular and, because it used to be so difficult to break, with 72,000,000,000,000,000 possible key variations, was banned from export from the USA. However, US Government restrictions on the export of encryption technology were lifted in 2000 for a number of countries. AES - the Advanced Encryption Standard - is a state of the art algorithm (Rijndael) chosen by the United States National Institute of Standards and Technology on October 2, 2000. Although selected, it will not become officially "approved" by the US Secretary of Commerce until Q2 2001. Meanwhile, products are already available which use the Rijndael algorithm within AES encryption tools.
Desktop
Dial-up
A method of communicating via telephone lines. The modem modulates the digital data of computers into analog signals to send over the telephone lines, then demodulates back into digital signals to be read by a computer on the other end.
Digital
Employing the binary system of numbers (1 and 0 only) for processing purposes.
Digital Certificate
A digital certificate is the electronic version of an ID card that establishes your credentials and authenticates your connection when performing e-Commerce transactions over the Internet, using the World Wide Web. To obtain a Digital Certificate, an organization must apply to a Certification Authority, which is responsible for validating and ensuring the authenticity of the requesting organization. The Certificate will identify the name of the organization, a serial number, the validity dates ("from / to") and the organization's Public Key where encryption to / from that organization is required. In addition, the Digital Certificate will also contain the Digital Signature of the Certification Authority to allow any recipient to confirm the authenticity of the Digital Certificate. A global standard (X.509 Public Key Infrastructure for the Internet) defines the requirements for Digital Certificates, and the major Certificate Authorities conform to this. Such standards, and the integrity of the Certificate Authorities, are vital for the establishment of 'digital trust', without which e-Commerce will never attain its potential.
Digital Signature
A digital signature is an electronic equivalent of an individual's signature. It authenticates the message to which it is attached and validates the authenticity of the sender. In addition, it also provides confirmation that the contents of the message to which it is attached have not been tampered with en route from the sender to the receiver. A further feature is that an e-mail 'signed' with a digital signature cannot easily be repudiated; i.e. the sender is not able to deny the sending and the contents of the message; plus it provides a digital time stamp to confirm the time and date of transmission. For a digital signature to be recognized, and acknowledged as something of integrity, it needs to be trusted by the recipient. It is for this reason that a Certification Authority will supply a digital signature to persons whose identity it has been able to verify; perhaps by having an Attorney's stamp on a document which validates the applicant's name, address, date of birth etc. To provide greater digital trust, the Digital Signature is packaged with the certificate of the Certification Authority, and this too may be inspected for validity and expiration. Most people expect digital signatures to totally replace the use of the ('old fashioned') pen and ink signature, with orders and authorities being accepted via digitally signed e-mails, the contents of which may, or may not, be encrypted for additional security.
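The sign-then-verify mechanism behind the entry above, as an added example that is not part of the original glossary: the sender hashes the message and raises the hash to a private exponent; the receiver undoes this with the public exponent and compares. A changed message (or a forged signature) fails the comparison, which is the tamper-evidence the entry describes. The key material, message and modulus size here are constructed for illustration only (a textbook RSA toy without padding); real deployments use much larger keys and a standard padding scheme.

```python
"""Toy RSA digital signature: sign a message, verify it, and detect tampering.

Added illustration for the glossary's Digital Signature entry; not code from the
original page. The primes, modulus and message are constructed for the demo and
are far too small for real use.
"""
import hashlib

# Constructed toy key: two known Mersenne primes give a ~92-bit modulus.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                       # public exponent (coprime to PHI)
D = pow(E, -1, PHI)             # private exponent: modular inverse (Python 3.8+)


def digest_int(message: bytes) -> int:
    """Hash the message with SHA-256 and reduce it into the signing group."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % N


def sign(message: bytes, private_exponent: int = D) -> int:
    """Sender side: the signature is the message hash raised to the private exponent."""
    return pow(digest_int(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Receiver side: undo the signature with the public exponent and compare hashes.

    Any change to the message changes its hash, so the comparison fails; a
    signature not produced with the matching private exponent also fails.
    """
    return pow(signature, public_exponent, N) == digest_int(message)


def demo() -> dict:
    """Run the three cases a recipient cares about and report the outcomes."""
    msg = b"Approve purchase order 1043 for 12 laptops"   # constructed sample
    sig = sign(msg)
    tampered = msg.replace(b"12 laptops", b"120 laptops")  # altered in transit
    forged = 123456789                                      # signature from nobody
    return {
        "original_verifies": verify(msg, sig),
        "tampered_verifies": verify(tampered, sig),
        "forged_verifies": verify(msg, forged),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

The hash is what gets signed, not the message itself, so the signature stays a fixed size and any single-byte edit to the message is caught; the time stamp and Certification Authority packaging mentioned in the entry sit on top of this core step.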
Digital Subscriber Line (DSL)
A form of high speed Internet access competing with cable modems. DSL works over standard telephone lines and supports data speeds of over 1.5 Mbps downstream (to the user) and slower speeds upstream (to the Internet).
Digital Versatile Disk (DVD)
Currently, these optical storage disks are being pioneered by the entertainment business; notably because the DVD is able to store a full length feature movie on a single CD size disk, with faithful reproduction of visual and audio quality. DVD, with a capacity (using both sides of the disk) of approx. 17GB, will doubtless replace the present CDs / CD-ROMs with their 'modest' 670MB capacity. At present consumer models are read only, but they will soon offer full record capability with integration into information systems.
Digital Watermark
A unique identifier that becomes part of a digital document and cannot be removed. The watermark is invisible to the human eye but a computer can analyze the document and extract the hidden data. Digital watermarks are being used for Classified/Top Secret documents - usually Military/Governmental - and highly confidential commercial material. The primary use of such marks is to allow different marks to be used when the document is copied to different persons and thereby establish an Audit Trail should there be any leakage of information.
Disable
The process by which hardware or software is deliberately prevented from functioning in some way. For hardware, it may be as simple as switching off a piece of equipment, or disconnecting a cable. It is more commonly associated with software, particularly shareware or promotional software, which has been supplied to a user at little or no cost, to try before paying the full purchase or registration fee. Such software may be described as 'crippled' in that certain functions, such as saving or printing files are not permitted. Some in-house development staff may well disable parts of a new program, so that the user can try out the parts which have been developed, while work continues on the disabled functions. Disabling is also often used as a security measure, for example the risk of virus infection through the use of infected floppy diskettes can be greatly reduced, by disconnecting a cable within the PC, thereby disabling the floppy drive. Even greater protection is achieved by removing the drive altogether, thereby creating a diskless PC.
Disaster Recovery Plan
The master plan needed by technical and non-technical staff to cope with a major problem - such as the Boeing Syndrome. Do not confuse and merge the DRP with the Business Continuity Plan. The DRP is the plan which is activated when there is an emergency. It is the plan which ensures that health and safety come first followed by damage limitation. Having contained the impact of the disaster, and having ensured that the situation is now under control e.g. through the Emergency Services, then the Business Continuity Plan will be activated. One of the most difficult aspects of a DRP is agreeing when it should be activated. In some circumstances it will be clear. For example, a tornado destroys part of the office block; or a serious fire reduces the premises to ashes. However, on many occasions, disasters have multiple warnings or indicators, and it is these which need to be considered and identified as the triggers to invoke your DRP. N.B. The skills required to prepare and manage a DRP are not necessarily the same as those required for a Business Continuity Plan.
Distributed Processing
Spreading the organization's computer processing load between two or more computers, often in geographically separate locations. If an organization has the necessary financial and technical resources, distributed processing, with mirroring between sites, is an excellent contingency plan for sudden disasters. Even if there is a total loss of one system, the remaining computer(s) can carry the load without disruption to users and without loss or corruption of data.
DMZ
A DMZ - De-Militarised Zone - is a separate part of an organization's network which is shielded and 'cut off' from the main corporate network and its systems. The DMZ contains technical equipment to prevent external parties (say, on the Internet) from gaining access to your main systems. The term comes from the buffer zone that was set up between North Korea and South Korea following their war in the early 1950s. A DMZ is not a single security component; it signifies a capability. Within the DMZ will be found firewalls, choke and access routers, and front-end and back-end servers. Essentially, the DMZ provides multi-layer filtering and screening to completely block off access to the corporate network and data. And, even where a legitimate and authorized external query requests corporate data, no direct connection will be permitted from the external client; only a back-end server will issue the request (which may require additional authentication) to the internal corporate network. However, the extent to which you permit corporate data to be accessible from and by external sources will depend upon the value of the Business Assets which could be placed at (additional) risk by allowing access to (even) pre-specified data types.
DNS
Domain Name System (or Server). The DNS is the means by which user friendly Web addresses are translated into arcane IP addresses. The DNS ensures that a Web address is routed to the correct site.
Domain Name
The domain name identifies the location of an organization or entity on the Internet and, through the Domain Name Service, translates to an IP Address, which is the real address to which traffic destined for that domain name is routed.
Dongle
A mechanical device used by software developers to prevent unlicensed use of their product. Typically, a Dongle is a small connector plug, supplied with the original software package, which fits into a socket on a PC - usually a parallel port, also known generally as the LPT1 Printer port. Without the Dongle present, the software will not run. Some older Dongles act as a terminator, effectively blocking the port for any other use, but later versions have a pass-through function, allowing a printer to be connected at the same time. Even though the PC can still communicate with the printer, there have been problems with more recent printers which use active two-way communications with the PC to notify printing status, ink levels, etc.
Driver
A driver is a small interface program which allows a computer to communicate with a peripheral device, such as a printer or a scanner. The driver will be automatically installed when you connect the device to the PC; hence the need for a CD-ROM or floppy disk when installing such peripherals.
Dual Homing
Due Care
Due care is the collective steps that an organization must take to properly protect its networks, computer systems and the data that resides on them.
Dynamic Host Configuration Protocol (DHCP)
Software that automatically assigns IP addresses to client stations logging onto a TCP/IP network. It eliminates having to manually assign permanent IP addresses. DHCP software typically runs in servers and is also found in network devices such as ISDN routers and modem routers that allow multiple users access to the Internet. Newer DHCP servers dynamically update the DNS servers after making assignments.