CD-R (Compact Disk Recordable) | A recording medium in the form of a compact disk on which data can be written only once |
DAT (Digital Audio Tape) | A recording medium in the form of a magnetic tape on which data is stored electromagnetically |
DoS attack (Denial of Service) | An attack to disable a service by applying too much load on the computer or network or by accessing through a security hole |
DVD-RAM (Digital Versatile Disk-Random Access Memory) | A recording medium in the form of a DVD on which rewritable data is stored |
FD (Floppy Disk) | A recording medium in the form of a flexible disk |
HDD (Hard Disk Drive) | A recording medium in the form of a hard disk |
IT (Information Technology) | Information technology |
LAN (Local Area Network) | A network or segment that links terminals located within a limited area (the government ministries and agencies, for example) |
MO (Magneto-Optical disk) | A recording medium in the form of a magneto optical disk |
MT (Magnetic Tape) | A recording medium in the form of a magnetic tape |
Access | An action to use information assets stored within a computer system |
Access authority | An authority that permits access to information assets |
Computer virus | A program designed to do harm to programs and databases owned by others. It has at least one of the self-contagion function, incubation function, and symptom-presentation function |
Server | Software or hardware that offers intended services |
System software | A program intended to manage an information system |
Security management software | A program designed for information security management |
Security hole | A bug of software that poses a problem of information security |
Source code | An original program written in a programming language |
Software | A generic name of programs and data |
Display | An output device in the form of a CRT or LCD |
Data | Electromagnetically stored information |
Network | A group of nodes and lines that are interconnected for communication |
Network resources | Resources that comprise a network |
Hardware | Generic name for computer devices |
Password | A code that authenticates the user |
Hacking software | A program designed to attack information assets |
Backup | A copy of a program or data stored in a separate medium |
File | A set of programs or data stored in memory or storage devices |
Host computer | A computer in a network, or the central processing computer in a centralized information system |
Mail address | An address to which e-mails are sent |
Modem (MOdulator-DEModulator) | A device located between an analog communication line and digital lines connected to a computer for modulation and demodulation of voice signals and digital data signals |
Mobile terminal | A portable information system such as a cellular phone |
Risk | Danger that an information system is exposed to |
Logout | The procedure by which a user ends access to a computer system |
Login | The procedure by which a user begins access to a computer |
Vaccine software | A program that checks for computer viruses, prevents the viruses, or restores an infected computer |
Patch program | Additional software that corrects defects (in information security) in software |
Electromagnetic recording | A recording method by electronic and magnetic means that human senses cannot recognize, for use in information processing |
Unauthorized access | Access to a computer system by non-users of the system using an unauthorized action specified in Item 2, Article 3 of the Law Concerning Prohibition of Illegal Access to Computer Systems (Unauthorized Computer Access Law) or other illegal actions, or access to a computer system by the user beyond the permitted scope |
Law Concerning Prohibition of Illegal Access to Computer Systems (Unauthorized Computer Access Law) | The law that prohibits unauthorized access to computer systems (Law #128, 1999) |
(1) | Standards of security and reliability of information communication network (Notification of the Ministry of Posts and Telecommunications, 1987) |
(2) | Standards of Measures against Computer Viruses (Notification of the Ministry of International Trade and Industry, 1995) http://www.miti.go.jp/kohosys/topics/10000098/esecu07j.pdf |
(3) | Standards of Measures against Unauthorized Access to Computers (Notification of the Ministry of International Trade and Industry, 1996) http://www.miti.go.jp/kohosys/topics/10000098/esecu06j.pdf |
(4) | Standards of System Auditing (Official Announcement of the Ministry of International Trade and Industry, 1996) http://www.miti.go.jp/kohosys/topics/10000098/esecu08j.pdf |
(5) | Guidelines of Information System Security (Notification of the National Public Safety Commission, 1997) http://www.npa.go.jp/soumu2/kokuji.htm |
(6) | Guidelines of Administration Information System Safety (Approved on July 30, 1999 by the Board of Managers, Liaison Conference for the Ministries and Agencies Concerning Administration Information System (Inter-ministerial Meeting of Government Information Systems Division-Directors)) http://www.somucho.go.jp/gyoukan/kanri/990816c.htm |
(7) | BS7799 Information security management |
(8) | ISO/IEC 15408 (Security technology - Evaluation Standards of Information Technology Security) |
(9) | ISO/IEC TR 13335 Information technology - Guidelines for the management of IT security - (GMITS) |
(10) | Manual for Formulating Security Policies at Banking Facilities (Banking Information System Center Foundation (The Center for Financial Industry Information Systems)) http://www.fisc.or.jp/ippan_3.htm |
(11) | RFC2196 Site Security Handbook http://www.ipa.go.jp/SECURITY/rfc/RFC.html |
(12) | CIRCULAR NO. A-130 Security of Federal Automated Information Resources http://www.whitehouse.gov/OMB/circulars/a130/a130.html |
(13) | Special Publication 800-12 An Introduction to Computer Security: The NIST Handbook http://csrc.nist.gov/nistpubs/ |
(14) | Special Publication 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems http://csrc.nist.gov/nistpubs/ |
(15) | Special Publication 800-18 Guide for Developing Security Plans for Information Technology Systems (1998) http://csrc.nist.gov/nistpubs/ |
(16) | Practices for Securing Critical Information Assets (2000) http://www.ciao.gov/CIAO_Document_Library/Practices_For_Securing_Critical_Information_Assets.pdf |
(17) | NIST Special Publication 800-20 Internet Security Policy: A Technical Guide http://csrc.nist.gov/nistpubs/ |
(18) | Information Security: Computer Hacker Information Available on the Internet. Statement of Jack L Brock Jr. and Keith A Rhodes. Testimony before the Permanent Subcommittee on Investigations, USGAO. |