NCJ Number
89630
Date Published
1974
Length
285 pages
Annotation
A series of 12 presentations reports findings from one of four study sites in a project designed to generate more information about computer data security and identifying user requirements in this general area.
Abstract
The opening paper presents results from a user requirements survey that showed (1) only a small proportion of computer users employ security features; (2) persons closely involved with the computer system tend to be more aware of potential security problems; and (3) significant differences exist in the levels of security awareness in the various user communities. Requirements for secure operating system features are considered in the second paper, using the Massachusetts Institute of Technology as an example. Four papers focus respectively on data security in university environments, the service bureau industry, the medicaly community, and the financial community. In another paper, the security and authorization facilities of the current Resource Security System are evaluated on the basis of the user requirements for security as perceived by participants at the study site. Other topics considered in presentations include (1) the application and analysis of the virtual machine approach to information system security and isolation, (2) the state of practice of computer security, (3) an approach to data security through data set access control, and (4) the security decision. A comprehensive annotated bibliography on computer and data security is also provided. For the entry on the state of practice of computer security, see NCJ 89631.