3.1 Introduction The design of a successful information security policy and strategy for any organisation requires an assessment of a number of key factors. These factors can be categorised as either imperatives or incentives. Imperatives are pressures that force you to act. Incentives are the rewards and opportunities that arise from acting. In Subsection 3.2 we examine the main imperatives confronting organisations. These arise either from threats to information assets or from the obliga
2.3 What is information security management? Information security management is the process by which the value of each of an organisation's information assets is assessed and, if appropriate, protected on an ongoing basis. The information an organisation holds will be stored, used and transmitted using various media, some of which will be tangible – paper, for example – and some intangible – such as the ideas in employees' minds. Preserving the value of information is mainly a question of protecting the media in which it is
1 Why is information security important? This unit introduces you to information security and its management. A succinct definition of information security might run as follows: Information security is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure. But why is it important to secure information? And how should its security be managed? To s
12.2 Diallers Diallers are a problem which only affects internet users who have a dial-up connection. A dialler is a type of software mostly used by pornography vendors. Once the dialler software is downloaded and run, you are disconnected from your ISP and connected to another phone number. You are then charged for the use of this number. While diallers do not spy on you, they are malevolent in nature because they can run up huge costs for the victim. They usually connect to a premium-rate phone line, and
8 How to protect yourself against spam People and organisations can only send spam if they have a collection of email addresses to send to. They ‘harvest’ these addresses: from legitimate company databases; from web pages; from chat rooms; by guesswork; from people who use an unsubscribe option. To minimise the spam you receive: Check whether you can set rules
7.3 ADV: Some spam mail includes ‘ADV:’ in the title. This indicates that it is part of the system used in the US to allow spam mail but to highlight that it is an advertisement. You can then make an informed choice as to whether to read or delete the message. ADV: also allows users of email systems that have filtering facilities, such as Outlook, Eudora or Pegasus, to set a rule that will automatically remove the message. The way this works is that some email systems allow you to define a s
7.2 Should I unsubscribe from mailing lists? Many spam messages have a line at the bottom offering to unsubscribe you from a mailing list, but you should be very wary of doing this. Quite often the senders of the spam will use the ‘unsubscribe’ option to verify that your email address is live. They may then sell your address to other people for use in spamming. So using the unsubscribe option can increase your spam rather than reduce it. Our advice is never to use the unsubscribe option unless the mail you receive is from a well-kno
2.2.1 What is the difference between a worm and a virus? Unlike a virus, a worm does not infect files on a host computer. Instead it adds a file to the computer that is malicious code, and runs it ‘in the background’. A computer has many programs running in this way in order for its system to operate. For instance, when you create a document you can see the text editor, such as Microsoft Word, Notepad or Star Office, but in the background the spell checker or the printer program are working even though you do not see them on the screen. W
Learning outcomes By the end of the unit you should be able to: distinguish between different kinds of malicious software (viruses, worms and trojans) and protect yourself against them; describe a range of security problems (spam, hoaxes, spyware and adware, homepage hijackers, diallers) and how to deal with them; explain the key principles of safety online; explain the key principles of keeping children safe online.
4.6 Lineage linked data Earlier you saw how a genealogical database records relationships between people. A lineage linked database allows queries such as ‘Ada Rosewell the daughter of John Rosewell’ and makes possible the creation of family pedigrees and other charts. For example, the pedigree chart below shows how Alcimenes was the son of Jason (the Argonaut) and Medea and the grandson of Aeson and Alcimedes.
2.4 Using search engines Search engines can be very good at finding information since they cover such a huge number of web pages. Unfortunately it can be difficult to find the one you want in the huge number of hits that they return. I can illustrate some of the problems, and some of the strategies you can use to overcome them, with an example. Let's assume a friend of yours, Jill, has heard you talking about ‘Living with the Net’ and is trying to find out more about the course. What problems might Jill fac
7.4 Understanding RFID tags An RFID tag consists of a microchip and an antenna and some kind of encapsulation, such as epoxy resin, to bind the two together and protect them. Tags come in a variety of shapes and sizes (Figure 20), and are generally one of two main types: active or passive. You
6.6 ZigBee Development of the ZigBee standard is the result of a group of interested parties coming together to form the ZigBee Alliance. When approved it will be an open standard sitting within a subset of the IEEE 802.15.4 low-data wireless standard. At the outset ZigBee was designed specifically for networks set up for the purposes of monitoring and control. Two of the major development aims were that it should be low cost (so that it is cheap to install and maintain), and low power (for long battery
6.3 Describing use cases To understand the work, you need a good idea of what each use case means. To get a feel for what this might entail, look again at Figure 3 (reproduced below) which shows a simple use case model for a hotel chain reservation system. Note that Figure 3 is not intended to be an exhaustive model of the hotel domain; the scope of the problem to be solved is confined to reservations and the processes of checking in and out.
4.3 A commercial implementation In order to conclude this section I shall describe a commercial implementation of an object bus. It has been developed by a company known as SoftWired Ltd and is known as iBus. It is based on TCP/IP rather than UDP. The facilities offered by the iBus API provide developers with the facilities to construct objects which can subscribe to channels and to transmit any Java object to a channel. The code for a transmitter is shown below; the import statements are not shown. In
7.2.15 E-learning This term is used to describe companies or organisations who offer educational courses via the web. The quality and features found in sites which can be described by this business model can vary. At its simplest such sites offer students the ability to download conventional texts. More complex instantiations of the model offer the students facilities to read individual lessons, try out online multiple choice questions and experience simulations relevant to the topic being taught.
2.1 What is a group? Our tendency to form groups is a pervasive aspect of organisational life. As well as formal groups, committees and teams, there are informal groups, cliques and cabals. Formal groups are used to organise and distribute work, pool information, devise plans, coordinate activities, increase commitment, negotiate, resolve conflicts and conduct inquests. Group working allows the pooling of people's individual skills and knowledge, and helps compensate for individual deficiencies. It has been
2.6 Auction sites These are sites on the web which run conventional auctions. There are two types of auction: those that are carried out in real time, where participants log in to an auction site using a browser at a specified time and bid for an article until the highest price is reached and no other bids are forthcoming. The other type of site – and the most common – is where an item is offered for sale and a date advertised after which no more bids are accepted. Such sites make a profit from two sources
1.9 Summary Relational database systems underpin the majority of the managed data storage in computer systems. In this unit we have considered database development as an instance of the waterfall model of the software development life cycle. We have seen that the same activities are required to develop and maintain databases that meet user requirements.
3.6.4 Using a computer Besides other things, a computer offers the opportunity to organise, reorganise, and delete material, without having to write everything out every time you make a change. It also allows you to make notes as you go along, file them easily, and add and update them in your revision period. You may even find that one of your software packages supports a facility for making notes. You will certainly have a range of layout facilities and graphics to enhance your notes.