IV. Appendix

1. Glossary

CD-R (Compact Disk Recordable) A recording medium in the form of a compact disk on which data can be written only once
DAT (Digital Audio Tape) A recording medium in the form of a magnetic tape on which data is stored electromagnetically
DoS attack (Denial of Service) An attack to disable a service by applying too much load on the computer or network or by accessing through a security hole
DVD-RAM (Digital Versatile Disk-Random Access Memory) A recording medium in the form of a DVD on which rewritable data is stored
FD (Floppy Disk) A recording medium in the form of a flexible disk
HDD (Hard Disk Drive) A recording medium in the form of a hard disk
IT (Information Technology) Information technology
LAN (Local Area Network) A network or segment that links terminals located within a limited area (the government ministries and agencies, for example)
MO (Magneto-Optical disk) A recording medium in the form of a magneto optical disk
MT (Magnetic Tape) A recording medium in the form of a magnetic tape
Access An action to use information assets stored within a computer system
Access authority An authority that permits access to information assets
Computer virus A program designed to do harm to programs and databases owned by others. It has at least one of the self-contagion function, incubation function, and symptom-presentation function
Server Software or hardware that offers intended services
System software A program intended to manage an information system
Security management software A program designed for information security management
Security hole A software bug that poses an information security problem
Source code An original program written in a programming language
Software A generic name of programs and data
Display An output device in the form of a CRT or LCD
Data Electromagnetically stored information
Network A group of nodes and lines that are interconnected for communication
Network resources Resources that comprise a network
Hardware Generic name for computer devices
Password A code that authenticates the user
Hacking software A program designed to attack information assets
Backup A copy of a program or data stored in a separate medium
File A set of programs or data stored in memory or storage devices
Host computer A computer in a network, or the central processing computer in a centralized information system
Mail address An address to which e-mails are sent
Modem A device located between an analog communication line and the digital lines connected to a computer, for modulation and demodulation of voice signals and digital data signals
Mobile terminal A portable information system such as a cellular phone
Risk Danger that an information system is exposed to
Logout The procedure by which a user ends access to a computer system
Login The procedure by which a user begins access to a computer
Vaccine software A program that checks for computer viruses, prevents infection, or restores an infected computer
Patch program Additional software that corrects defects (in information security) in software
Electromagnetic recording A recording method by electronic and magnetic means that human senses cannot recognize, for use in information processing
Unauthorized access Access to a computer system by non-users of the system using an unauthorized action specified in Item 2, Article 3 of the Law Concerning Prohibition of Illegal Access to Computer Systems (Unauthorized Computer Access Law) or other illegal actions, or access to a computer system by a user beyond the permitted scope
Law Concerning Prohibition of Illegal Access to Computer Systems (Unauthorized Computer Access Law) The law that prohibits unauthorized access to computer systems (Law #128, 1999)

2. For Reference

(1) Standards of security and reliability of information communication network (Notification of the Ministry of Posts and Telecommunications, 1987)
(2) Standards of Measures against Computer Viruses (Notification of the Ministry of International Trade and Industry, 1995)
(3) Standards of Measures against Unauthorized Access to Computers (Notification of the Ministry of International Trade and Industry, 1996)
(4) Standards of System Auditing (Official Announcement of the Ministry of International Trade and Industry, 1996)
(5) Guidelines of Information System Security (Notification of the National Public Safety Commission, 1997)
(6) Guidelines of Administration Information System Safety (Approved on July 30, 1999 by the Board of Managers, Liaison Conference for the Ministries and Agencies Concerning Administration Information System (Inter-ministerial Meeting of Government Information Systems Division-Directors))
(7) BS7799 Information security management
(8) ISO/IEC 15408 (Security technology - Evaluation Standards of Information Technology Security)
(9) ISO/IEC TR 13335 Information technology - Guidelines for the management of IT security (GMITS)
(10) Manual for Formulating Security Policies at Banking Facilities (Banking Information System Center Foundation (The Center for Financial Industry Information Systems))
(11) RFC2196 Site Security Handbook
(12) CIRCULAR NO. A-130 Security of Federal Automated Information Resources
(13) Special Publication 800-12 An Introduction to Computer Security: The NIST Handbook
(14) Special Publication 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems
(15) Special Publication 800-18 Guide for Developing Security Plans for Information Technology Systems (1998)
(16) Practices for Securing Critical Information Assets (2000)
(17) NIST Special Publication 800-20 Internet Security Policy: A Technical Guide
(18) Information Security: Computer Hacker Information Available on the Internet. Statement of Jack L. Brock Jr. and Keith A. Rhodes. Testimony before the Permanent Subcommittee on Investigations, USGAO.