
Do you speak geek?

June 21, 2010 Thought Leadership

If Spanish is the new French where does that leave Geek? Sean Glynn, VP marketing at Credant Technologies explains the latest IT security lingo.

The IT industry loves its acronyms; why is anyone’s guess – maybe it’s a speed thing, perhaps it’s the whole idea of writing code or overcoming language barriers, I’ve even heard “it’s to do with saving bandwidth”, whatever! What I do know is that it’s confusing for those on the outside to keep up when the IT crowd are in full flow – a typical discussion would be ‘what’s the difference between SED and FDE, and which is better?’ If you found you reworded that question to ‘what is…’ then read on – I’m going to give you a sneak peek inside the mind of a geek.

Today, every business utilises technology in some form. However, this miracle of science has a split personality: one side is a silent evil slashing an enterprise’s artery and haemorrhaging sensitive data, while the other is a white knight reversing the tide and stemming the flow of bad blood generated with each data breach.

WIIDWID?

So let’s begin with IT security and why it is doing what it’s doing. First is the realisation that it’s not alone in its penchant for acronyms; regulators have an affection for them too, resulting in a common ground between the board room and the IT domain, with compliance a significant driver to both:

DPA – The Data Protection Act 1998 is a UK Act of Parliament and the main piece of legislation that governs the control and protection of personal data.

PCI DSS – The Payment Card Industry Data Security Standard is a worldwide information security standard created to prevent credit card fraud through increased controls around data and its exposure to compromise.

HIPAA – The Health Insurance Portability and Accountability Act of 1996 is a set of US federal standards that requires healthcare organisations to implement security standards that protect (and keep up to date) patient data and to standardise on electronic data interchange.

SOX – The Sarbanes-Oxley Act of 2002 is a US federal law. The bill was enacted as a reaction to major corporate and accounting scandals. It covers issues such as auditor independence, corporate governance, internal control assessment and enhanced financial disclosure.

WATDIW?

Okay, that’s why, so the natural progression is what are they doing it with?

FIPS 140-2 – a U.S. government computer security standard used to accredit cryptographic modules. It defines four levels of security, simply named “Level 1” to “Level 4”; however, it does not specify in detail what level of security is required by any particular application, so it should not be considered a guarantee that the product is secure.

Common Criteria – a framework in which users can specify their security functional and assurance requirements, vendors then implement and/or make claims about the security attributes of their products, and testing laboratories evaluate the products to determine if they actually meet the claims. As with FIPS, the fact that a product is Common Criteria certified does not necessarily mean it’s completely secure.

The Cloud – describes a new supplement, consumption and delivery model for IT services over the Internet.

Keylogging – tracking the keys pressed on the keyboard in a covert manner to steal passwords, banking details, etc. Previously a piece of malware, it now also has hardware instances, for example a keyboard that looks legitimate, so this is a diversifying threat.

DLP – data loss prevention refers to systems that identify, monitor and protect data in use (eg, endpoint actions), data in motion (eg, network actions) and data at rest (eg, data storage) through deep content inspection and contextual security analysis of transactions, within a centralised management framework.

Encryption – the conversion of data into a form that cannot be easily understood by unauthorised people. Decryption is the process of converting it back to its original form.

FDE – Full Disk Encryption does what it says on the tin: it uses disk encryption software to encrypt every bit of data that goes on a disk or disk volume (excepting the Master Boot Record, which most FDE solutions leave unencrypted).

SED – a Self Encrypting Drive is a hard drive based on the Trusted Computing Group’s specifications; it can lock down data automatically in less than a second and can be immediately and completely erased in milliseconds. SEDs are easily deployed, managed cost effectively and interoperable across PC platform types. It is an emerging technology, so watch this space to see if it delivers.

BitLocker Drive Encryption – a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft’s Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It’s designed to protect data by providing encryption for entire volumes.

U3 enabled – U3 Smart Drives are regular USB flash drives with a twist. Programs can be installed on them that launch independently of the machine the drive is inserted into, and the data from those programs travels on the device, leaving nothing behind. While beneficial in the fight against data leakage, it has a malicious persona: for example, if it’s preloaded with malware and plugged into a logged-on PC it could inject a virus into the system that is untraceable.

Black List – a list or register of items, for whatever reason, that are being denied a particular privilege, service, mobility, access or recognition.

White List – similar to a black list but, instead of denying, you stipulate which items are accepted, so from a security perspective it’s easier to build up than to eliminate backwards.
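The practical difference between the two lists shows up on the item nobody has assessed yet. As an added example (not code from the original article), the policy class below evaluates removable-media device IDs under each mode; the device IDs are constructed placeholders, not real hardware identifiers, and the “default allow” versus “default deny” behaviour is the point being demonstrated.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Device-control style policy for removable-media device IDs.

    mode="denylist":  everything is allowed unless listed (default allow).
    mode="allowlist": everything is denied unless listed (default deny).
    Entries are matched case-insensitively.
    """
    mode: str
    entries: frozenset

    def decide(self, device_id: str) -> str:
        listed = device_id.lower() in self.entries
        if self.mode == "denylist":
            return "deny" if listed else "allow"
        if self.mode == "allowlist":
            return "allow" if listed else "deny"
        raise ValueError(f"unknown policy mode: {self.mode!r}")


def evaluate(policy: Policy, device_ids) -> dict:
    """Map each device ID to the policy's decision."""
    return {d: policy.decide(d) for d in device_ids}


# Constructed device IDs (placeholder vendor/product pairs, not real hardware).
CORPORATE_DRIVE = "vid_c0de&pid_0001"    # the issued, encrypted corporate stick
KNOWN_BAD_DRIVE = "vid_bad0&pid_0002"    # a model already seen causing trouble
NEVER_SEEN_DRIVE = "vid_ffff&pid_9999"   # brand-new device nobody has assessed

DENYLIST = Policy("denylist", frozenset({KNOWN_BAD_DRIVE}))
ALLOWLIST = Policy("allowlist", frozenset({CORPORATE_DRIVE}))
SEEN_TODAY = [CORPORATE_DRIVE.upper(), KNOWN_BAD_DRIVE, NEVER_SEEN_DRIVE]

if __name__ == "__main__":
    for name, policy in (("denylist", DENYLIST), ("allowlist", ALLOWLIST)):
        print(name, evaluate(policy, SEEN_TODAY))
```

Both policies agree on the known-good and known-bad drives; they disagree on the never-seen one, which the deny list waves through and the allow list blocks. That is why the allow list is “easier to build up”: you add what you have checked, rather than trying to enumerate everything you have not.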

SAM Database – the Security Accounts Manager database, used by Windows (and possibly other OSs), manages user accounts. It’s implemented as a registry file that is locked for exclusive use while the OS is running. Even if its contents were obtained by subterfuge, the keys are encrypted with a one-way hash, making it difficult to break. Some versions have a secondary key, locking the encryption to that copy of the OS.

TPM – Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It includes capabilities such as remote attestation and sealed storage.

An industry idiosyncrasy

Acronyms may be confusing, but they are not designed to make the user sound superior; they’re just an industry idiosyncrasy, and we all have them. However, the threat against data is serious and we mustn’t let language cause a misunderstanding that thwarts our efforts – after all, it’s not a necessity, it’s a requirement.
