We make technology work for the City Michael Mattmiller, Acting Chief Technology Officer

Information Security

Glossary A


This glossary contains industry standard and City specific IT terminology. The glossary should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.

Eavesdropping
Editor
Electronic Eavesdropping
Electronic Mail - E-mail
Encryption
End User


Eavesdropping
Listening to someone else's conversation. In its most basic form, it amounts to one person keeping within earshot of a conversation between two other persons, but in the security and IT worlds it extends to remote listening and recording devices, including the interception of telephone calls, fax transmissions, e-mails, data transmissions, data-scoping, and even radio scanning for mobile communications. The security implications for companies are primarily that user identification details or passwords can become known to criminally inclined individuals, or that confidential/sensitive information about the organization, its finances, or activity plans may leak to competitors.


Editor
A program which allows a user to create, view, and amend the contents of certain types of files. There are several types of editors, the most common being Text Editors and Hex (Hexadecimal) Editors. Editors work at the lowest level, either in ASCII (Text Editor) or directly with disk contents (Hex Editor). Although Text Editors, e.g. Notepad in Windows, are common, companies should give consideration to staff access to Editors, particularly the more powerful types, such as Hex Editors. A Hex Editor can do considerable damage to the contents of computer files, which may not be recoverable.


Electronic Eavesdropping
Electronic eavesdropping is the intentional surveillance of data (voice, data, fax, e-mail, mobile telephones, etc.), often for nefarious purposes.


Electronic Mail - E-mail
Electronic Mail - an electronically transmitted message which arrives as a computer file on your PC or organization's server. Originally conceived as a simple means of sending short messages from one computer to another, the Simple Mail Transfer Protocol (SMTP) was introduced without security in mind. Whilst standards have been agreed for the attachment of files to e-mail messages, be aware that such files can contain malicious code such as a virus. Use extreme caution when opening an e-mail message with an attachment, even if the e-mail is from someone you know; it is better to leave it unopened and enquire whether the e-mail is bona fide. If in doubt, destroy the e-mail and advise the sender that you have been unable to verify the authenticity of the attachment, and ask them to advise its contents. If it's genuinely important, they will either make contact again or you have the option to send them an explanatory e-mail.


Why is e-mail insecure?

  • An e-mail message can purport to have been sent from a specific individual, but the message could have come from someone else entirely. Anyone can set up an e-mail address with anyone else's name as the sender, e.g. a Mr. Bill Clinton could easily set up an e-mail address as George_Bush@hotmail.com. However, where e-mail comes from a company or organization, the user name is likely to have been set up centrally, making misrepresentation less likely.
     
  • Even where you have your own organization's domain name, e.g. email@myorganizationname.com, this too can be modified, such that the "From" field in the e-mail is sent with a false sender, all designed to deceive the recipient.
     
  • An e-mail message can be opened by anyone, not only the intended recipient. There is no authentication to ensure that only the intended recipients are able to read the mail. Like a postcard, an e-mail may be read by anyone who comes across it, either legitimately or otherwise.
     
  • The safe transmission of e-mail to its destination is not secure. Whilst the use of a "Read-Receipt" can be useful, especially when using e-mail on Local Area Networks where network traffic is within known boundaries, e-mail sent across the Internet will pass through multiple computer nodes as it "hops" and "bounces" towards its destination address. Even if it reaches its destination mail server, delivery to the recipient may be delayed or may not necessarily occur. Therefore, when e-mail is sent, even using a Digital Certificate, certified delivery to the recipient(s) is lacking. Best Practice is to request safe receipt from the recipient(s).
     
  • It does not carry any legal validity. Unless sent using a Digital Signature, an e-mail does not carry the legal validity enjoyed by hard copy or a signed fax transmission. However, an e-mail sent using a Digital Signature cannot necessarily be relied upon legally either, as it was only in 2000 that the US accepted that such e-mails could be used as legally binding documents.


Encryption
The process by which data is temporarily re-arranged into an unreadable or unintelligible form for confidentiality, transmission, or other security purposes.


End User
Usually reduced simply to User. The person who actually uses the hardware or software that has been developed for a specific task.