NCJRS Virtual Library

INFORMATION SECURITY BASICS

NCJ Number: 145858
Journal: NCSA News, Volume 4, Issue 5 (September/October 1993), Pages 14-15, 19
Author(s): M E Kabay
Date Published: 1993
Length: 3 pages
Annotation
Information security is a complex field that involves physical threats, risk assessment, educating management about the need for security, corporate security policies, computer crime techniques and prevention, personnel issues, network considerations, microcomputer considerations, and computer security audits.
Abstract
Both corporations and individuals are concerned about data security. According to IBM's corporate policy, data security involves the protection of information from unauthorized or accidental modification, destruction, and disclosure. Human errors, accidents, or omissions account for 50 to 80 percent of information security problems; criminal hackers actually account for a small percentage of harm to computers. Security measures cannot eliminate human errors and accidents, but they can reduce the likelihood of such events by limiting access to a restricted group of trained people, providing audit trails, emphasizing accountability, and showing employees how important corporate data are to the organization. With respect to criminal hackers, logic bombs, worms, and viruses represent the most interesting forms of information security attacks. Another threat of growing importance in industrial espionage involves telecommunications networks. Local area networks are vulnerable to easy eavesdropping using off-the-shelf "sniffer" software. Electronic systems are also susceptible to disruption by high-energy radio frequency weapons. Information security experts agree that education is a key element of computer crime prevention.