NCJ Number
124393
Date Published
1990
Length
5 pages
Annotation
Risk assessments, or vulnerability assessments, are surveys used to identify procedural and physical weaknesses in the daily operation of a computer system so that the problems can be corrected before a processing failure, theft, or sabotage occurs.
Abstract
Management participation in a risk assessment survey includes coordinating the effort, selecting and executing the questionnaire, and analyzing the information in the form of a risk assessment plan. An integral part of this plan is estimating the cost of necessary upgrades. Precautions against external predators accessing critical data include maintaining a current list of authorized system users, using a random password generator, using a system watchdog feature that logs users off after a pre-determined time limit, maintaining a complete system audit trail, and using a call-back system. An Information Security Plan should be used as a planning tool and a way to inform management of current risks and countermeasures. The most common method of achieving information security is the use of passwords in conjunction with a data encryption scheme and physical security measures. Building block security measures include physical, personnel, regulatory, hardware, software, and network components. Two critical areas of physical security are environmental protection and disaster recovery. Employee and legal issues are also involved in this complicated area. Employee awareness programs can assist in implementing a sound security plan. 10 references. (Author abstract modified)