NCJ Number
76253
Editor(s)
Z G Ruthberg
Date Published
1980
Length
214 pages
Annotation
The proceedings of a National Bureau of Standards-sponsored workshop on computer security audit are presented. Participants focused on identifying future research areas and on determining the current status of research on the topic.
Abstract
Computer science experts and auditors were assembled to develop material that would be directly usable for a Federal Information Processing Standard Guideline on the subject. The workshop focused on technical and management concerns for computer systems. Since the security of a computer system can be viewed as a three-dimensional problem composed of three variables (operating environment, vulnerabilities, and countering controls), each workshop group was asked to analyze vulnerability and controls in a worst-case environment (that of a multiuser teleprocessing system). The groups also assessed system vulnerabilities without regard to exploitation risk and considered the qualitative effectiveness of controls and their implementation costs. Management sessions addressed topics such as system control, application interface, data base administration, data handling, application program development, and management communications. Charts, a glossary, and a list of attendees are provided. References are provided after some session reports. (Author abstract modified)