U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Don't Wait Until You Get 'Burned'

NCJ Number
111268
Journal
Administrative Management Volume: 49 Issue: 2 Dated: (March 1988) Pages: 17-22
Author(s)
D Finlay
Date Published
1988
Length
5 pages
Annotation
Management can create a secure information environment through risk management, security education, disaster planning and recovery, and computer access control.
Abstract
Risk management involves assessing threats and vulnerability, the cost of reducing or eliminating vulnerability, and the risk level management is willing to accept. Security education includes informing employees about company policy regarding computer crime, including the seriousness of such crime and the legal consequences. Disaster planning and recovery consists of contingency plans if confidential business data are lost. This may consist of daily backup of the data and storing them on computer tapes off site. Computer access control involves management's analyzing and assessing employees' responsibilities and determining the information they should receive for the performance of their duties. Employee access to files would be limited to that required for job tasks. Software is available to have division of access to various programs according to task groupings. The key to any access control system is to provide user authentication at all levels. One security measure is a cryptographic lock that scrambles words on files to unreadable nonsense. Some software security programs are briefly described.