NCJ Number
128110
Journal
Security Management Volume: 35 Issue: 1 Dated: (January 1991) Pages: 42-46
Date Published
1990
Length
5 pages
Annotation
Corporate security should shift its emphasis from the protection of physical resources to the protection of information resources and should make sure that computer security measures are convenient for computer users.
Abstract
Few security managers have received specific training in information security, and corporate management often lacks full understanding of their personal and corporate vulnerability. In addition, users of data centers and networks often do not understand the nature of the threats, potential methods of abuse, and the value of information resources. They often resist security procedures and backup responsibilities that seem to impede their goals. The main threats to computer systems and information integrity are errors, embezzlement, ego, eavesdropping, espionage, enmity, and extortion. Computer security must address all these areas through physical security, authentication of the identity of authorized users, limits on what authorized users can do, encryption of sensitive transmitted and stored information, and audit trails with meaningful accountability. In addition, security measures must be simple and convenient to use.