|
Information Security
Glossary A
This glossary contains industry standard and City specific IT terminology. The glossary
should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.
Macro
Macro-Virus
Mainframe
Malicious Code
Masquerading
Media
Methodology
Migration
Mirroring
Mission Critical
Macro
A series of commands grouped together as a single command to automate
repetitive and/or complex tasks. Technical purists argue as to whether or not
writing macros is actually programming, but from the perspective of most end
users, it amounts to pretty much the same thing. Macro recording facilities are
now built in to most standard business/office software packages, covering word
processing, spreadsheets, databases, graphics and presentations, etc. Malicious macros are not unknown; they can be transmitted to other users
through the document in which the macro is embedded. Whether or not creating a
macro is regarded by an organization as 'programming', it is advisable that all
macros created or used within an organization are checked for their function and
compliance with security regulations.
Macro-Virus
A virus containing a malevolent macro. Depending upon the way the virus is
delivered it may sometimes be known as a Trojan, or a Worm. The widespread
network problems caused around the globe in May 2000 were the result of such a
virus.
Mainframe
Used originally as a term for almost any computer system, then to describe a
large system, the term 'mainframe' is used less frequently as the numbers in use
decline. This is due largely to the massive increase in processor power of
smaller computers. A year 2000 home user desktop computer has more storage
capacity and raw processing power than a 1966 vintage mainframe, and an entire
organization can now be run with just one desktop server connected to a number
of PCs. Mainframes (and Supercomputers) are still being built, installed and run, but
their use tends to be restricted to the scientific/academic/government
communities rather than the commercial world.
Malicious Code
Malicious code includes all and any programs (including macros and scripts)
which are deliberately coded in order to cause an unexpected (and usually,
unwanted) event on a user's PC. However, whereas anti virus definitions
('vaccines') are released weekly or monthly, they operate retrospectively. In
other words, someone's PC has to become infected with the virus before the
anti-virus definition can be developed. In May 2000, when the 'Love Bug' was
discovered, although the Anti Virus vendors worked around the clock, the virus
had already infected tens of thousands of organizations around the world, before
the vaccine became available.
However, this may not be fast enough to prevent your PC from becoming
infected with a virus that was delivered to your PC whilst you were innocently
browsing a new Web site.
In June 2000 it was further revealed that a new type of attack was possible;
called the 'No-Click' Stealth Bomb Attack. Such attacks use HTML, the code used
for Web sites and, within this code, the pay load is then executed. The threat
is that HTML is not only found on Web sites but can also be used to format and
present the text of an e-mail. This means that simply opening an e-mail
encoded in HTML, could deliver its pay load with no user intervention at all.
The solution is to run both a top rate anti-virus program and also a
malicious code detection system which is able to constantly monitor the
behavior of downloaded "content" (e.g. a "harmless" page from a Web site)
including executable files (.exe), scripts, ActiveX and Java. Such solutions can
either run on individual PCs and workstations or from a central server.
See Compressors and Packers.
Masquerading
Identifying yourself as someone else, i.e. purporting to be another (probably
genuine) user for example, sending an e-mail to a client under someone else's
name. E-mail systems usually do not allow the sender's 'From' field to be
altered, but those that do thereby permit messages to be sent under a completely
false name.
Media
The physical material which stores computer information. Comes in two basic
types - Fixed and Removable - and a variety of flavors:-
- Hard Disk, Floppy Disk, Compact Disc, Laser Disk, Magneto-Optical Disk, Zip
Disk, Super Floppy, Magnetic Tape Reel, Magnetic Tape Cartridge, Digital Audio
Tape, Paper Tape, and so on and so forth.
- Each of these have their 'for' and 'against' lobby groups, and there are no
'best' media, only the 'most appropriate' for a given organization in given
circumstances.
- Irrespective of which media are used, they will contain important data, and
therefore must be used and stored under properly controlled conditions.
Methodology
A term that is often misused / misapplied. In systems development, the tasks
required to achieve the end result can be complex and usually require adoption
of a disciplined and formal approach. Having perfected such an approach,
consulting companies and software developers will refer to their methodology.
Methodology suggests an almost scientific and objective approach, which, of
course, is rarely the case.
Migration
Changing from one computer system to a different one, entailing changes in
software and the transfer of data from the old system to the new, possibly
necessitating conversion of data from the old format into another for use on the
new system. For example: switching from an NCR-based system to an IBM
constitutes a migration, while simply moving to a larger, newer, NCR system
would be an 'upgrade'. Migrations are complex, and any
organization contemplating or conducting one
would be well advised to appoint a dedicated Project Manager and team, to ensure
its smooth implementation.
Mirroring
Writing duplicate data to more than one device (usually two hard disks),
in order to protect against loss of data in the event of device failure.
This technique may be implemented in either hardware (sharing a disk
controller and cables) or in software. It is a common feature of RAID
systems. When this technique is used with magnetic tape storage systems, it
is usually called 'twinning'.
A less expensive alternative, which only limits the amount of data loss
(rather than eliminating the risk entirely), is to make regular backups from
a single disk to magnetic tape.
An archive or web site which keeps a copy of some or all of the files at
another site so as to make them available more quickly to local users and to
reduce the load on the source site. Such mirroring is usually done for
particular directories or files on a specific remote server, as opposed to a
cache or proxy server which keeps copies of everything that has been
requested through it.
Mission Critical
Derived from Military usage, the term is used to describe activities,
processing, etc., which are deemed vital to the organization's business success
and, possibly, its very existence. Some major applications are described ad being Mission Critical in the sense
that, if the application fails, crashes, or is otherwise unavailable to the
organization, it will have a significant negative impact upon the business.
Although the definition will vary from organization to organization, such
applications include accounts/billing, customer balances, computer controlled
machinery and production lines, JIT ordering, delivery scheduling, etc.
|
