NCJ Number
75078
Date Published
1980
Length
265 pages
Annotation
To assure that protective measures are implemented, this book provides information on computer security for organization managers. It discusses data theft, machine failure, program errors, act of vandalism, and computer service theft.
Abstract
Audit checklists covering the more important aspects of computer operations are included to identify areas of risk and to help managers select and install appropriate, cost-effective protective measures. Among the controls considered are those related to personnel security. A combination of physical-site, software, and procedural security measures together with improved hiring and personnel policies are recommended. In the area of system development, controls are advised for use during the development of new computer applications. Input controls related to source documents, data conversion equipment, and various edit routines also receive attention. Terminal security is discussed from the viewpoint of terminal identification 'keys,' the physical security of terminal locations, shutoff and locking devices, and data scrambling. In addition, software security recommendations are concerned with user identification and access. Protective output controls considered are those which seek to verify that computer-generated outputs are reliable and that no unauthorized alterntions have been made. For the operations environment, security suggestions cover magnetic media, access, the identification of sensitive data, the storage and disposal of information, production control, and off-site workload processing. Furthermore, physical security and contingency plans receive attention, as do auditing procedures and risk analysis. Sample forms, charts, and diagrams are provided. An appendix contains the text of Florida House Bill No. 1305, which relates to computer crimes. Also included are an index and a supplementary readings list.