U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

DETECTING AND PREVENTING MISUSE OF DATA PROCESSING SYSTEMS

NCJ Number
54449
Author(s)
ANON
Date Published
1978
Length
24 pages
Annotation
PROBLEMS OF COMPUTER FRAUD AND VIOLATIONS OF INFORMATION PRIVACY, AS EXPERIENCED BY DATA PROCESSING MANAGERS, SYSTEMS DESIGNERS, AND ELECTRONIC DATA PROCESSING (EDP) AUDITORS, ARE DISCUSSED.
Abstract
MAJOR TYPES OF COMPUTER RESOURCES TO BE PROTECTED ARE INTELLECTUAL PROPERTY (DATA AND PROGRAMS), PHYSICAL PROPERTY (EQUIPMENT AND SUPPLIES), AND COMPUTER SERVICES AND PROCESSES. MISUSES OF INTELLECTUAL PROPERTY CONCERN UNAUTHORIZED MODIFICATION, DESTRUCTION, AND DISCLOSURE. WITH REGARD TO PHYSICAL PROPERTY, MISUSES INCLUDE UNAUTHORIZED MODIFICATION AND THEFT. MISUSES PERTAINING TO SERVICES AND PROCESSES INVOLVE UNAUTHORIZED USE OR DENIAL OF AUTHORIZED USE. DATA SECURITY MEANS KEEPING UNAUTHORIZED PERSONS OUT OF A SYSTEM AND PROTECTING AGAINST FRAUD. IT IS NECESSARY THAT AN ORGANIZATION HAVE AN OVERALL COMPUTER SECURITY PROGRAM WITHIN WHICH PROCEDURES CAN OPERATE, BASED ON MANAGEMENT POLICY AND SUPPORT. BASIC ELEMENTS IN A SECURITY PROGRAM ARE DELINEATED, INCLUDING COMPUTER SECURITY POLICY AND CONTROL, THE EDP AUDIT FUNCTION, SYSTEM DESIGN STANDARDS, CONTRACTS, INSURANCE, AND IMPLEMENTATION STRATEGIES. INTERNAL EXPOSURE AREAS OR SYSTEM VULNERABILITIES THAT CAN RESULT FROM UNAUTHORIZED ACTIONS OF INTERNAL PERSONNEL OR OUTSIDERS ARE MODIFICATION OR DESTRUCTION OF DATA, DISCLOSURE OF STORED DATA, AND MODIFICATION DESTRUCTION, OR DISCLOSURE OF PROGRAMS. EXTERNAL VULNERABLE AREAS INCLUDE MODIFICATION, DISCLOSURE, OR DESTRUCTION OF DATA STORED EXTERNAL TO A SYSTEM, MODIFICATION OR DESTRUCTION OF PROGRAMS EXTERNAL TO A SYSTEM, DISCLOSURE OF PROGRAMS STORED EXTERNAL TO A SYSTEM, MODIFICATION OR DESTRUCTION OF COMPUTER EQUIPMENT OR SUPPLIES, AND USE OF COMPUTER SYSTEM SERVICES. CAPSULE DESCRIPTIONS OF 83 PROCEDURES OR ACTIONS AIMED AT DETECTING AND/OR PREVENTING MISUSE OF DATA PROCESSING SYSTEMS ARE PROVIDED; E.G., JOB ROTATION, INPUT-OUTPUT VOLUME COMPARISON AGAINST PREDICTED REQUIREMENTS, AUDITS WITH TEST DATA, OPERATIONS AREA SURVEILLANCE, ALARM SYSTEMS, PASSWORD PROTECTION SYSTEM, SENSITIVE FILE ACCESS LOG, OFF-HOUR TERMINAL DISCONNECT, AND LOCKABLE INPUT-OUTPUT DATA STORAGE.

Downloads

No download available

Availability