U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

COMPUTER DATA SECURITY - REPROGRAM THE EMPHASIS

NCJ Number
53001
Journal
Security Management Volume: 22 Issue: 12 Dated: (DECEMBER 1978) Pages: 10-14
Author(s)
S J ROSS
Date Published
1978
Length
4 pages
Annotation
STANDARDS NEED TO BE SET IN THE DATA PROCESSING FIELD TO HELP MANAGERS PROVIDE MANAGED RISK, CONTINUED OPERATION, AND A CONTROLLED ENVIRONMENT. SECURITY IS VIEWED AS A FUNCTION OF MANAGEABILITY.
Abstract
THE FOCUS AND DIRECTION OF THE ACTIVITIES OF DATA SECURITY ADMINISTRATORS ARE BEING DETERMINED BY A FEW SPECTACULAR AND WIDELY REPORTED INCIDENTS WHICH REFLECT COMMON FEARS BUT NOT THE MOST SERIOUS PROBLEMS IN THE AREA OF DATA SECURITY. A FEW CRIMINALS HAVE USED COMPUTER TECHNOLOGY TO PERPETUATE CRIMES AND HAVE ALERTED CORPORATE MANAGEMENT TO THE FACT THAT IT CAN HAPPEN ANYWHERE. THERE HAVE BEEN 100,000 COMPUTERS INSTALLED IN THE U.S., HOWEVER, NOT COUNTING MINICOMPUTERS, AND FROM AN ESTIMATED MILLION AUTOMATED APPLICATIONS, ONLY A FEW HUNDRED CRIMES HAVE OCCURRED. WIRETAPPING IS ANOTHER POPULAR CONCERN, YET THERE IS A SOLUTION TO THIS PROBLEM. METHODS EXIST TO GARBLE DATA SO COMPLETELY THAT IT WOULD TAKE THOUSANDS OF YEARS TO DECODE A MESSAGE WITHOUT THE KEY. THE BIGGEST PROBLEM IN THE DATA SECURITY FIELD IS THEREFORE NOT COMPUTER CRIME OR WIRETAPPING BUT THE FACT THAT FEW MANAGERS KNOW WHAT NEEDS TO BE DONE TO EFFECT DATA SECURITY. DATA SECURITY IS DEFINED AS A STRUCTURED EVALUATION OF RISKS ENTAILED IN DATA PROCESSING AND THE IMPLEMENTATION OF COST-EFFECTIVE MEANS TO REDUCE OR LIMIT EXPOSURE. WITHOUT STANDARDS, EACH NEWLY INSTALLED SYSTEM COULD REQUIRE REINVENTION OF DATA SECURITY, LEADING TO WIDELY DIVERGENT PRACTICES IN DIFFERENT DEPARTMENTS OF A COMPANY. EACH REINVENTION CAN RESULT IN OPERATIONAL INEFFICIENCIES OR SECURITY GAPS WHERE SYSTEMS INTERFACE. THE ONLY WAY TO ACHIEVE DATA SECURITY IS TO AUTOMATE THE DATA SECURITY FUNCTION ITSELF--DEPARTMENTS NEED TO STREAMLINE AND SYSTEMIZE THEIR OPERATIONS. STEPS NEED TO BE TAKEN TO MAKE DATA SECURITY WORK TO ITS MAXIMUM POTENTIAL QUICKLY, HOWEVER, SINCE THERE IS A GROWING BELIEF AMONG LAWMAKERS AND REGULATORS THAT THEY WILL HAVE TO APPLY EXTERNAL PRESSURES IN THE NEAR FUTURE. THE COURTS HAVE BEEN SETTING PRECEDENTS, CONGRESS HAS BEEN PASSING LAWS, AND THE SENATE BANKING COMMITTEE HAS BEEN CONSIDERING MEASURES TO REGULATE ELECTRONIC FUND TRANSFERS. WHAT ARE NEEDED, HOWEVER, ARE NOT NEW LAWS BUT A HEIGHTENED MANAGEMENT AWARENESS THAT THE POWER OF THE COMPUTER MUST BE CHANNELED AND DIRECTED IN SUCH A WAY THAT HUMAN BEINGS BEHIND THE MACHINES CANNOT ACT IN AN UNCONTROLLED AND UNACCOUNTABLE MANNER. (KJM)