
NCJRS Virtual Library


COMPUTER SCIENCE AND TECHNOLOGY - AUDIT AND EVALUATION OF COMPUTER SECURITY

NCJ Number
52264
Editor(s)
Z G RUTHBERG, R G MCKENZIE
Date Published
1977
Length
258 pages
Annotation
Consensus reports on 10 topics related to audit and evaluation of computer security and developed during a workshop designed to explore the state-of-the-art in the theme area are presented.
Abstract
The National Bureau of Standards, with the support of the U.S. Accounting Office, sponsored an invitational workshop entitled 'Audit and Evaluation of Computer Security,' held in Miami Beach, Fla., on March 22-24, 1977. Leading experts in the audit and computer communities were invited to discuss the subject in one of ten sessions, each of which considered a different aspect of the theme. The session on internal audit standards defined the larger subject of internal audit of a computer system, and then defined computer security audit. The qualifications and training session drew up an outline of the broad body of knowledge needed to perform a computer security audit. The group considering security administration discussed the legal basis for establishing a security administration function in a federal organization and defined the security administration function. Four conceptual modules for the development of an open-ended structured model of computer security audit were identified in the session entitled 'Audit Considerations in Various System Environments.' The session on administrative and physical controls established the thesis that the concerns of data security and the responsibilities of the auditor are complementary, since both deal with the protection of resources within the data processing mission. Suggestions for the auditor are also included. The 'Program Integrity' session emphasizes that program integrity must be considered over the entire life cycle of the program. Safeguards having a direct bearing on data integrity audit were discussed in the 'Data Integrity' group. Reports are also included for sessions dealing with communications, postprocessing audit tools and techniques, and interactive audit tools and techniques. (RCB)