U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Data Security - Threats and Deficiencies in Computer Operations - A Report on a Completed Study - A Translation From an IBM (International Business Machines Corporation) Svenska AB

NCJ Number
79427
Date Published
1975
Length
54 pages
Annotation
Findings are presented from a Swedish study of unintentional threats to data integrity and privacy in nine computer installations.
Abstract
Information was collected on about 800 forms of threats. Many of these forms described the same threat with different causes. By grouping similar threats, the number of distinctive threats was reduced to 72. A systematic pattern of threats to data security was found at the various installations. All of the threat types could be categorized according to various operational situations common to the installations. Nineteen separate conditions were identified, and they were found to fall into three basic groups: handling of material and equipment, system operation, and environmental factors. Most of the threats occur because simple routines do not behave as expected. The threats may be well known to the operating staff, and the existence of the threats is accepted either because the staff does not appreciate the hazards involved or because possible preventive measures are too time-consuming. Supervisors are often not aware of the threats and therefore take no action. The majority of the threats involve modifications to or destruction of data. Threats likely to lead to disclosure of data are relatively few. Many threats involve problems of communication among staff. The observed threats also often suggest weaknesses in the interaction between the staff and the hardware. Although the study was not intended to suggest measures to correct the deficiencies that invite the threats, such measures are described to the extent that they have been implemented in the installations studied. A catalog of deficiencies that invite the identified threats is presented. Graphic presentations of the threats and associated deficiencies are provided, along with a glossary. (Author summary modified)

Downloads

No download available

Availability