U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Computer Security Handbook - Strategies and Techniques for Preventing Data Loss or Theft

NCJ Number
101705
Author(s)
R T Moulton
Date Published
1986
Length
248 pages
Annotation
This comprehensive handbook examines the design, implementation, and maintenance of computer security controls.
Abstract
Topics covered include getting the most cost-effective security protection, developing logical access control programs, ensuring that application programs include controls over data editing and file updating activities, selecting physical control systems, protecting data communicated by telephone and satellite, preventing losses due to error or omissions, and dealing with disruptions. A detailed checklist provides step-by-step guidelines for meeting computer security responsibilities ranging from staff training and system design to disaster contingency planning. A section on electronic data processing audits describes what to expect from auditors, how to keep them from obtaining sensitive information without authorization, and how to deal with incorrect or unfair audits. Ways in which the audit can be used to improve the quality and security of computer operations also are described. Also covered are risk assessment, security review scheduling, and qualitative and quantitative methods for developing loss expectancies and formulas for measuring them against the costs of adding or deleting controls. Procedures for investigating and prosecuting computer-related fraud and abuse are examined. Finally, special security problems are discussed, including supervising computer security personnel, protecting microcomputers, and planning for future security needs. Index. (Publisher abstract modified)