NCJ Number
72636
Journal
Security Management Volume: 24 Issue: 10 Dated: (October 1980) Pages: 50,52,55,57
Date Published
1980
Length
4 pages
Annotation
The inclusion of data processing professionals on the security staff and the assignment of technical specialists to augment inspection programs and auditing has created certain communication problems which are addressed in this article.
Abstract
Problems are listing ranging from minor differences in the use of terminologies to differences in level of abstraction, in orientation, and in decisions based on different experience. For example, the security specialist may think of the concept of access control as beginning with front door entry controls and extend to authorizing users by means of a password. The data processing specialist, however, may be inclined to think of access control only as it relates to the data base itself. In addition, the data processing staff may be geared toward efficiency of operation, while the security specialist, also oriented toward efficiency, must be involved with certain restrictions that impede efficiency. Finally, the momentum of sets, a well-established principle of interpersonal communications, may result in individuals ignoring unusual occurrences that impinge on systems security. Because no one person can be responsible for all aspects of computer security, team cooperation and mutual belief in the value of the other person's viewpoint is important. Management responsibility lies in defining what level of restraint is acceptable and what information must be protected. The objective of computer security must be to make the possibility of gaining unauthorized access to particular data as difficult as possible. Six references are provided.