NCJ Number
97638
Journal
Security World Volume: 29 Issue: 3 Dated: (March 1985) Pages: 35-40
Date Published
1985
Length
6 pages
Annotation
A discussion of the nature and extent of computer-related crime and abuse accompanies advice on how to develop and implement an effective computer security system.
Abstract
Studies by the American Bar Association, the President's Council on Integrity and Efficiency, and the American Institute of Certified Public Accountants have focused on the types of computer crime, the perpetrators, and the associated security problems. The lack of appropriate technological and personnel-related controls was a common finding. Problems include inadequate password management, improper application of access or usage controls, networking vulnerabilities, improper management and protection of backup files, inadequate protection of sensitive data, and lack of security awareness. Organizations are advised to build in controls when a computer system is being developed or an existing one modified. The involvement of users, data systems managers, programmers, corporate security personnel, and internal auditors is urged. A layered approach is recommended, with physical security measures in the outer ring, administrative procedures in the next layer, personnel controls in the next layer, and use of the computer to protect itself. A written disaster plan is also advised. This should adhere to generally accepted security approaches. It should specify the priorities for critical systems that must operate during recovery and give written instructions for actions to be taken after a disaster. Organizations should conduct tests to ensure that the plan and contingency actions are appropriate. Exhibits list States with computer-related crime statistics, attributes of an abuser-friendly computer system, and components of a computer center disaster recovery plan, as well as diagrams for electronic data processing in and around the computer and for contingency planning for computer systems.