U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Human Factor in Computer Crime

NCJ Number
96253
Author(s)
J Van Duyn
Date Published
1985
Length
155 pages
Annotation
Topics considered in this discussion of computer security are establishing computer security; physical security; hardware, software, and personnel security; contingency and disaster recovery planning; and electronic data processing insurance.
Abstract
Legislative and regulatory requirements relevant to computer security are outlined, including the Foreign Corrupt Practices Act of 1977 and the Privacy Act of 1974. The need for a comprehensive risk analysis and risk management policy is explained. Physical security, the first line of prevention and detection, can include building and parking lot security, physical access control, fire security/protection, housekeeping in computer and storage rooms, and the air conditioning system. Hardware security, the second line of defense, involves protecting the electric power, securing the terminals, and protecting sensitive data during transmission through such means as codes and voice verification. In software security, a fundamental deterrent is an internal auditor. In addition, systems and applications controls, data processing crime methods, detection methods, and countermeasures are outlined. A strong and effective personnel security policy, the fourth area of importance, must include careful screening of data processing personnel at hiring, clear rules of conduct, continued education, effective performance evaluation, promotion, and other policies to foster job satisfaction. Contingency and disaster recovery planning must be done in case of a computer calamity. Electronic data processing insurance is also important. A glossary, a 29-item bibliography, and an index are provided.