NCJ Number
64678
Journal
National Public Accountant Volume: 23 Issue: 1 Dated: (1978) Pages: 20-24
Date Published
1978
Length
5 pages
Annotation
This paper describes a systematic approach to information (data) security and discusses the security audit implications of complex computer systems.
Abstract
Data security refers to the safety of information from all possible violations including unauthorized disclosure, modification, or destruction, whether accidental or deliberate. Good security techniques include physical protection; effective employee crime prevention procedures such as screening, licensing, employee relations programs, and procedural constraints; and administrative security. In addition, computer system security techniques of structured design, structured programming, and chief programmer teams can be applied. Communications security is also important and involves identification of users, isolation of system components, surveillance, and integrity of the data base system. Data security auditors need to review the existing system to see if it has any security or system integrity deficiencies. They also need to identify possible improvements and assure the maintenance of individual accountability at all times. Auditing computer systems is done at three levels: around, through, and with the computer. The occurrence of a threat is countered with audit logs as well as audit trails, check summing, sampling, comparison of duplicate files or programs, extraction, and tagging. An integrated test facility (ITF) technique is also in use. Projections are towards increased specialization and special purpose systems which should promote greater security. Footnotes are provided. (AOP)