U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

COMPUTER SECURITY - PUBLIC AND USER ATTITUDES

NCJ Number
65215
Journal
Internal Auditor Volume: 35 Issue: 2 Dated: (APRIL 1978) Pages: 79-85
Author(s)
E J HOWE
Date Published
1978
Length
7 pages
Annotation
COMPUTER SECURITY PROBLEMS AND PUBLIC AND USER ATTITUDES TOWARD THEM ARE DISCUSSED BY THE DEPUTY DIRECTOR OF THE NATIONAL COMPUTING CENTER (NCC), A NONPROFIT ORGANIZATION PROMOTING COMPUTER USE IN THE UNITED KINGDOM.
Abstract
COMPUTER SECURITY INCLUDES DEVELOPING AND RUNNING SYSTEMS IN DATA PROCESSING AND USER DEPARTMENTS, BACKUP PROBLEMS, PHYSICAL SECURITY OF COMPUTER SYSTEMS, AND PERSONNEL RISKS; A TOTAL OF 70 DIFFERENT TYPES OF SECURITY BREACHES ARE POSSIBLE. ANY SYSTEM BREACH AFFECTS SYSTEM AVAILABILITY, INTEGRITY, OR CONFIDENTIALITY. PUBLIC CONCERNS FOR PRIVACY MAKE DEMANDS ON COMPUTER SECURITY IN TERMS OF CONFIDENTIALITY AND SYSTEM INTEGRITY. MANY ASPECTS OF PRIVACY ARE ETHICAL AND LEGAL IN NATURE. IN 1975, THE BRITISH GOVERNMENT CONCURRED WITH THE YOUNGER COMMITTEE'S RECOMMENDATIONS AND COMMITTED ITSELF TO LEGISLATION ON PRIVACY AND COMPUTERS. TO MAKE THAT LEGISLATION BOTH BALANCED AND PRACTICAL, THE COMPUTING COMMUNITY SHOULD PRESENT ITS VIEWPOINTS. A SURVEY BY THE NCC SHOWED THAT COMMUNICATION IS A MAJOR PROBLEM; AS A RESULT NCC HAS PRODUCED A FREE BOOKLET TO EXPLAIN COMPUTER SECURITY. OF 150 COMPUTER USERS SURVEYED, MOST REPORTED THAT SECURITY BREACHES AROSE FROM MECHANICAL, COMMUNICATIONS, OR SOFTWARE PROBLEMS, NOT FROM FRAUD, FIRE, AND FLOOD. EXTERNAL AUDITORS WERE THE MAIN SECURITY INFORMATION SOURCE OUTSIDE THE ORGANIZATION. ORGANIZATIONS MADE LITTLE EFFORT TO SIMULATE THREATS AND TEST BACKUP PROCEDURES. ABOUT TWO THIRDS OF THE ORGANIZATIONS WERE SATISFIED WITH THEIR GENERAL SECURITY ARRANGEMENTS, BUT THE INTERVIEWS TENDED TO RAISE AWARENESS OF POTENTIAL SECURITY PROBLEMS. IN GENERAL, BASIC SECURITY MEASURES INCLUDE GOOD PERSONNEL SELECTION, PROPER SUPERVISION, DIVISION OF RESPONSIBILITIES, USE OF SPOT CHECKS, AND CHANGING OF ROUTINES. NCC IS IMPLEMENTING SURVEY RECOMMENDATIONS TO DEVELOP A CENTRAL REFERENCE BODY AND CODES OF PRACTICE AND GUIDELINES ON COMPUTER SECURITY, TO PROMOTE RISK MANAGEMENT, AND TO PROVIDE EDUCATION AND TRAINING. A CURRENT MAJOR QUESTION ASKS WHERE RESPONSIBILITY FOR COMPUTER SECURITY LIES. A TABLE IS INCLUDED. (CFW)