U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Computer Security for the Abuser Friendly Environment - Part 1

NCJ Number
96970
Journal
Data Processing and Communications Security Volume: 9 Issue: 2 Dated: (November/December 1984) Pages: 16-20
Author(s)
H M Kluepfel
Date Published
1984
Length
5 pages
Annotation
An effective security program for computer systems requires the involvement of users, data systems management personnel, programmers, corporate security personnel, and internal auditors.
Abstract
Studies by the American Bar Association, the American Institute of Certified Public Accountants, and the Federal Government have documented the rising incidence of computer-related crime and the need for more effective self-protection by systems owners, education of users concerning the vulnerabilities of computer systems, and the enactment of Federal and State legislation aimed at the problem. Several characteristics can make a system particularly prone to abuse: inadequate password management systems, improper application of access or usage controls, networking vulnerabilities, improper management and protection of backup files, inadequate protection of sensitive data, and a lack of security awareness by users and administrators. Whenever possible, controls should be instituted so that the computer protects itself, since people are the weakest part of any security system. A layered ring approach should be used to protect computer systems. The outer ring consists of physical security countermeasures such as personnel access control systems. The next ring of security involves administrative procedures, which include such measures as escorting all visitors to the computer center. The next ring of protection encompasses the person-machine interface called personnel subsystems. These countermeasures include requiring passwords which are changed periodically. The final ring of security involves computer systems countermeasures. These include designing systems so they do not overly identify themselves to computer hackers or other interlopers. A figure illustrates a computer security system, and States with computer crime laws are listed.