NCJ Number
60987
Date Published
1979
Length
327 pages
Annotation
OPERATING SYSTEMS AND RESEARCH IN THE AREA OF COMPUTER SECURITY ARE DESCRIBED IN THIS TEXT FOR PROFESSIONALS AND STUDENTS OF COMPUTER SECURITY, WITH A CRITICAL ASSESSMENT OF THE SYSTEM AND RESEARCH.
Abstract
COMPUTER SECURITY DEALS WITH THE MANAGERIAL PROCEDURES AND TECHNOLOGICAL SAFEGUARDS APPLIED TO COMPUTER HARDWARE, SOFTWARE, AND DATA TO ENSURE AGAINST ACCIDENTAL OR DELIBERATE UNAUTHORIZED ACCESS TO COMPUTER SYSTEM DATA. COMPUTER PRIVACY IS CONCERNED WITH THE MORAL AND LEGAL REQUIREMENTS TO PROTECT DATA FROM UNAUTHORIZED ACCESS AND DISSEMINATION. THE ISSUES INVOLVED IN COMPUTER PRIVACY ARE THEREFORE POLITICAL DECISIONS REGARDING ACCESS TO INFORMATION, WHEREAS ISSUES OF SECURITY INVOLVE THE PROCEDURES AND SAFEGUARDS FOR ENFORCING THE PRIVACY DECISIONS. THE MOTIVATIONS FOR SECURITY AND PRIVACY ARE FOUND IN THE DESIRE FOR MILITARY SECRECY, INDUSTRIAL SECURITY, AND INFORMATION SHARING. BASED ON NATIONAL AND STATE LAWS, IT IS POSSIBLE TO ESTABLISH SOME FORM OF OPERATIONAL SECURITY, WHICH ALLOWS THE MANAGEMENT OF A COMPUTER INSTALLATION TO EXERCISE CONTROL AND BE ACCOUNTABLE FOR THE INSTALLATION. GUIDELINES AND PROCEDURES MAY BE ESTABLISHED FOR ACCOUNTABILITY, FOR LEVELS OF CONTROL, AND FOR SYSTEM CONFIGURATION. PREVENTIVE MEASURES AGAINST INTERNAL AND EXTERNAL THREATS CAN BE DEVELOPED THROUGH RISK ANALYSIS, ASSESSMENT, AND INSURANCE INVESTIGATION. THE PSYCHOLOGICAL SECURITY OF THE OPERATIONAL STAFF IS NECESSARY FOR SUCCESSFUL OPERATIONAL SECURITY. IT IS RECOMMENDED THAT ONGOING RISK MANAGEMENT TEAMS BE FORMED THAT WOULD INCLUDE OPERATIONS MANAGERS, PROGRAMMERS, INTERNAL AUDITORS, AND PHYSICAL SECURITY PERSONNEL. PHYSICAL SECURITY MUST PREVENT LOSS DUE TO NATURAL DISASTERS, TAMPERING, AND MALICIOUS ENTRY AND DESTRUCTION. USER IDENTIFICATION AND AUTHENTICATION MUST PROTECT BOTH HARDWARE AND SOFTWARE. REFERENCES, ILLUSTRATIONS, AND AUTHOR AND SUBJECT INDEXES ARE PROVIDED. (TWK)