U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Computer Use and Abuse

NCJ Number
115933
Journal
Security Management Volume: 33 Issue: 2 Dated: (February 1989) Pages: 73-79
Author(s)
H M Kluepfel
Date Published
1989
Length
7 pages
Annotation
Addressing the problem of information security in computerized systems requires a new method for designing, controlling, measuring, and maintaining the integrity of these systems.
Abstract
A program for protection of proprietary information must be active and supported by all employees, including regular, temporary, and contract employees, who create, handle, or in any way have access to such information. A balanced program includes three elements: prevention, detection, and recovery. Companies must safeguard the hardware, software, and proprietary data against damage, alteration, theft, fraudulent manipulation, unauthorized access and disclosure, and denial of use. Financial records should receive the most careful treatment. Security managers should also recognize that computer hackers have more resources for attack than corporations have to repel attackers. Computer systems that are the most vulnerable to abuse have one or more of the following characteristics: inadequate password management, improper access and usage controls, networking vulnerabilities, improper management of backup files, inadequate protection of sensitive data, lack of security awareness by users, and inadequate use of technology. Countermeasures should be based on a security survey and should use layers consisting of physical countermeasures, administrative countermeasures, personnel subsystems countermeasures, and computer system countermeasures. Corporations should also plan for the possibility of a disaster that prevents a company from using its computer equipment. They should also recognize the specific responsibilities of employees, originators or owners of data, and suppliers of services and ensure that these responsibilities are met.

Downloads

No download available

Availability