NCJ Number
61507
Journal
SECURITY AND PROTECTION Volume: 11 Issue: 1 Dated: (JANUARY 1979) Pages: 25-29
Date Published
1979
Length
4 pages
Annotation
MEASURES TO PROVIDE SECURITY AGAINST CRIME OR ACCIDENTS, FOR COMPUTER HARDWARE, SOFTWARE, AND PERSONNEL, ARE DESCRIBED BY A SECURITY CONSULTANT.
Abstract
COMPUTERS FACE FIVE TYPES OF THREATS: (1) ACCIDENTAL OR DELIBERATE HARDWARE DAMAGE, (2) CORRUPT SYSTEMS DESIGN OR PROGRAMMING, (3) FALSE INPUT DATA AND TERMINAL INTERFERENCE, (4) THEFT OF INFORMATION, AND (5) INTERCEPTION OF COMMUNICATION LINKS. FIRE IS THE MAIN THREAT TO A COMPUTER'S PHYSICAL SECURITY, BUT IS LARGELY PREVENTIBLE. EACH COMPUTER INSTALLATION SHOULD BE STUDIED TO DETERMINE POSSIBLE SOURCES OF FIRES. APPROPRIATE PREVENTIVE MEASURES INCLUDE STAFF SCREENING AND TRAINING, AND DESIGN AND CONSTRUCTION TO PROVIDE SECURITY AGAINST FIRES. TO DETECT FIRES, SMOKE, AND RADIATION, ADEQUATE HEAT DETECTORS AND PROPER STAFF TRAINING SHOULD BE USED. THE MOST USEFUL MEANS OF FIGHTING COMPUTER FIRES ARE CARBON DIOXIDE SYSTEMS, USING PORTABLE OR AUTOMATED EXTINGUISHERS. WATER MAY DO MORE DAMAGE THAN THE FIRE ITSELF. STAFF SHOULD BE TRAINED TO IMPLEMENT EMERGENCY PROCEDURES IN CASE OF FIRE. TO PREVENT, DETECT, OR REPORT INTRUDERS, ALARM SYSTEMS AND IDENTITY OR ACCESS CARDS ARE RECOMMENDED. COMPUTER PROGRAMS SHOULD INCLUDE INTERNAL CHECKS, DEVELOPED BY SOMEONE OTHER THAN THE PROGRAMMER. CODES FOR TERMINAL USE NEED FREQUENT CHECKS TO ENSURE THEIR PROPER USE. COMPUTER AUDITS ARE THE MAJOR FORM OF INTERNAL AND EXTERNAL CHECK. COMPUTER PERSONNEL SHOULD BE CAREFULLY RECRUITED, TRAINED, AND SUPERVISED. SENIOR MANAGERS SHOULD UNDERSTAND THE PURPOSE AND FUNCTIONS OF THEIR COMPUTERS. CLEAR RULES TO CONTROL ACCESS TO THE COMPUTER ARE ALSO NECESSARY. COMPUTER SECURITY SHOULD BE A CONCERN OF ALL STAFF, NOT JUST SECURITY SPECIALISTS. BOTH INHOUSE AND OUTSIDE PERSONNEL SHOULD BE INVOLVED IN PLANNING SECURITY PROCEDURES. (CFW)