Information Security
Glossary A
This glossary contains industry-standard and City-specific IT terminology. The glossary
should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.
LCD
LED
Legacy / Heritage System
Live / Production
Local Area Network (LAN)
Locking
Lockout
Logging
Logon/off
Logic Bomb
Logical Access
Logical Security
LCD
Liquid Crystal Display.
LED
Light-Emitting Diode. A diode which emits light, <gasp>. Does exactly what it
says on the 'tin'.
Legacy / Heritage System
A legacy system is a hardware and software system which uses technologies
which are 'old' in comparison with today's technology. Typically, legacy systems
use character terminals (although many have been made to look smarter by
enabling access through a Graphical User Interface), and process data through a
proprietary database etc.
Live / Production
When a system is 'in production' or is said to be 'live', it means that it is
being used to process active work or transactions, and it is no longer in test
mode. Organizations should always differentiate between and separate systems which
are being evaluated, tested, or developed from those which are 'live'.
Local Area Network (LAN)
A home or office network operated within one location. This may comprise one or more adjacent buildings, but a local network will normally be connected by fixed cables or, more recently,
short range radio equipment. A LAN will not use modems or telephone lines for
internal communications, although it may well include such equipment to allow
selected users to connect to the external environment.
Locking
A technique used to prevent unauthorized changes to file contents, also known
as 'Read Only'. Typically a document - for example a disciplinary letter to a
member of staff - will be created and then 'locked' with a password. Other
authorized users will be able to view the contents and even make copies, but
only the originator of the document has the password needed to gain access to
change the content.
Lockout
Technique used to stop an (apparently) unauthorized attempt to gain access to
the system. A typical example is the three tries limit on password entry. It may
be a simple matter of a genuine user forgetting their ID and password, or making
a mistake in trying to enter, but after three attempts, the system will lock out
that user and report an attempted intrusion to the Security Administrator. Information Security will have to reset the user records to allow another
logon attempt.
Logging
The process of recording events at the time that they occur.
Logon/off
The processes by which users start and stop using a computer system.
Logic Bomb
Also known as Slag Code and commonly associated with Disgruntled Employee
Syndrome, a Logic Bomb is a piece of program code buried within another program,
designed to perform some malicious act. Such devices tend to be the province of
technical staff (non-technical staff rarely have the access rights and even more
rarely the programming skills required) and operate in two ways:-
'Triggered Event' - for example, the program will review the payroll
records each day to ensure that the programmer responsible is still
employed. If the programmer's name is suddenly removed (by virtue of having
been fired) the Logic Bomb will activate another piece of code to Slag
(destroy) vital files on the organization's system. Smarter programmers will
build in a suitable delay between these two events (say 2-3 months) so that
investigators do not immediately recognize cause and effect.
'Still Here' - in this case the programmer buries coding similar
to the Triggered Event type but in this instance the program will run unless
it is deactivated by the programmer (effectively telling the program - "I am
still here - do not run") at regular intervals, typically once each quarter.
If the programmer's employment is terminated unexpectedly, the program will
not be deactivated and will attack the system at the next due date. This
type of Logic Bomb is much more dangerous, since it will run even if the
programmer is only temporarily absent - e.g. through sickness, injury or other
unforeseen circumstances - at the deactivation point, and the fact that it
wasn't meant to happen just then is of little comfort to an organization with a
slagged system.
Logic Bombs demonstrate clearly the critical need for audit trails of
activity on the system as well as strict segregation of duties and access rights
between those staff who create systems - analysts, developers, programmers -
and the operations staff who actually run the system on a day-to-day basis.
Logical Access
Logical access refers to the connection of one device or system to another
through the use of software. The software may run, say as the result of a user
powering a PC, which then executes the login sequence, or it may be the result
of internal processing between systems.
Logical Security
Software safeguards of the organization's systems, for instance: IDs, Passwords,
Access Rights, Authority levels, etc.