D

Data controller – this is the person, within an organisation, who is responsible (in the UK, anyway) for the organisation’s compliance with the Data Protection Act.

Data Encryption Standard (DES) – is a widely used symmetric encryption standard. It is used for long communications and is relatively speedy to use. It is, however, quite an old system and this has led to triple DES (or AES), in which the same data are encrypted three times, employing different keys, which exponentially increases the strength of the encryption. Only the creator and receiver have the DES key (or keys); the key(s) are usually exchanged using either a shared master key or a pre-existing key exchange protocol.

Data Protection Act 1998 (DPA) – the legislation (UK) that sets out requirements for handling and protecting personal information and data.

Data Protection Officer (DPO) – the person appointed by an organisation with the responsibility for ensuring that the organisation complies with the DPA.

Data retention policies – in each jurisdiction (and sometimes for each individual regulation or statute) there are very specific requirements about the length of time for which organisations have to retain particular types of data. These requirements form the basis of the organisational data retention policy, which will then require technological and procedural elements for its implementation. It will also give rise to data storage and back-up issues.

DDoS – see Distributed Denial of Service Attack.

Decryption – this is the opposite of encryption, and involves translating encrypted content back into its original (usually plaintext) form.

Defence in-depth – see Layered security.

Denial of Service Attack (DOS) – this sort of attack is designed to put an organisation out of business, or to interrupt the activities of an individual or group of individuals for a time by freezing its systems. This is usually done by flooding a web server (or other device) with e-mail messages or other data so that it is unable to provide a normal service to authorised users.

DES – see Data Encryption Standard.

Dialler – software (usually on a website) that will dial out to another website and charge back to you (on a credit card or, more usually, on your existing telephone bill) for the time used while on that site. The charge rate will not necessarily be lower than that of your existing supplier. See Auto-diallers.

Dial-up connection – Uses a modem to connect to an Internet Service Provider.

‘Dictionary attack’ – see Password cracking.

Digital audio tape – tape format used for storing and backing up data.

Digital certificate – (sometimes called a Server ID) is an encrypted file that attests to the authenticity of the owner of a public key, used in public key encryption; the certificate is created by a trusted third party known as a certificate authority (CA). The digital certificate is proven to be authentic because it decrypts correctly using the public key of the CA.

Digital Rights Management (DRM) – is any technology that copyright owners might deploy to protect their interests in software or digital content. The technology only allows someone who has purchased a licence to use the material that it is protecting.

Digital signature – is encrypted data that binds a sender’s identity to the digital information that is being transmitted. It is essential for non-repudiation.

Digital watermarking – is another term for steganography and is likely to become an important part of copyright management on the Internet. There are a number of companies offering competing digital watermarking technologies, both to create and to view digital watermarks.

Directory harvesting – Outlook and other e-mail client software programs contain directories of individual names and e-mail addresses. Directory harvesting attacks commandeer these directories and use them for the distribution of spam, viruses or worms.

Disability Discrimination Act 1995 (DDA) – this UK statute has clauses that require websites to be accessible to people with disabilities.

Disaster recovery management – see Disaster recovery plan.

Disaster recovery plan – this is a scenario-based plan developed to deal with the after-effects of an ‘Act of God’. Business continuity and disaster recovery planning should go hand-in-hand, otherwise one could spend far too long arguing over whether restoration of systems from the back-up is part of the disaster recovery or the business continuity plan. Certainly, disaster recovery management (or DRM) is about planning for potential disasters, such as fire, flood, terrorist attack, etc., and testing those plans, usually by rehearsing specific scenarios.

Disclaimers – are not necessarily worth the (digital) paper on which they are written, but they are nevertheless an essential statement of ownership and intended destination of information sent electronically.

Discoverable – Setting on a Bluetooth device that broadcasts its existence to other Bluetooth devices.

Distributed Denial of Service Attack (DDoS) – this uses the computers of other, third party organisations or individuals (which have themselves been commandeered by the hacker) to mount an even larger-scale attack on a target.

DMZ – a demilitarised zone (the term has a military origin, meaning the buffer zone between two enemies) is a computer or small network between the organisation’s secure perimeter (the trusted zone is inside this perimeter) and an untrusted zone, such as the Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as web servers, FTP servers, e-mail servers and DNS servers.

Document – information and its supporting medium. In ISO/IEC 20000, records are distinguished from documents by the fact that they function as evidence of activities rather than evidence of intentions.

Document control – a system whereby all documents within the system have a standard numbering system that identifies where they sit within that system, as well as a version number, an issue date, and a document owner, so that the currency of the document is always clear. When a controlled document is amended, all copies of it should be simultaneously withdrawn and replaced by the new version.

Domain controller – a domain contains a number of resources (applications, folders, printers, etc.) and a domain controller is the server that manages the details of all the users authorised to access the domain.

Domain name – every website and e-mail address has a unique IP address which, when represented in letters (e.g. www.itgovernance.co.uk), is its domain name.

Domain Name Server (DNS) – is a server that translates domain names into IP addresses.

Download – transfer a copy of a file (which may be data or a software program) from a remote computer (usually a website) to a requesting computer via a network (or Internet) connection.

DPA – see Data Protection Act.

Dumpster diving – Raiding rubbish bins to gather personal information.
