U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

PLAN FOR COMPUTER PROTECTION

NCJ Number
57891
Journal
Security Industry and Product News Volume: 8 Issue: 5 Dated: (MAY 1979) Pages: 22,24-25
Author(s)
W BOMM
Date Published
1979
Length
3 pages
Annotation
OBJECTIVES OF AND POLICY GUIDELINES FOR COMPUTER SECURITY PROGRAMS TO BE USED BY BOTH INDUSTRY AND GOVERNMENT ARE PROPOSED. SUCH PROGRAMS ARE NECESSARY TO PROTECT AGAINST ABUSE IN INSTITUTIONS WITH LARGE CONCENTRATIONS OF FILES.
Abstract
THE MAIN PROBLEMS TO BE FACED ARE ACTS OF TERRORISM, VANDALISM, AND THEFT, AS WELL AS NATURAL DISASTERS, INCLUDING FLOODS, AND HURRICANES. THE MAJORITY OF COMPUTER ABUSERS ARE, IN FACT, COMMITTED BY MEMBERS OF THE INTERNAL ORGANIZATION. SECURITY PROGRAM OBJECTIVES SHOULD INCLUDE THE FOLLOWING CRITERIA: (1) ENSURE INTEGRITY AND ACCURACY OF DATA, (2) IDENTIFY PROPRIETARY OR SENSITIVE DATA, (3) PROTECT AND CONSERVE ASSETS FROM NATURAL DISASTERS AND OVERT HOSTILE ACTS, (4) ENSURE THE ORGANIZATION'S ABILITY TO SURVIVE HAZARDS, (5) PROTECT EMPLOYEES FROM UNNECESSARY TEMPTATION OR SUSPICION, (6) PROTECT MANAGEMENT FROM CHARGES OF IMPRUDENCE, (7) ESTABLISH A MANAGEMENT TASK FORCE. A TASK FORCE SHOULD COORDINATE AND IMPLEMENT THE SECURITY PROGRAM, AFTER ANALYZING THE STATUS OF THE ELEMENTS WHICH WILL AFFECT SECURITY. THESE INCLUDE CURRENT SECURITY, PERSONNEL, PHYSICAL SAFEGUARDS, INSURANCE, COMPUTER SYSTEM CONTROLS AND PROCEDURES, DATA SECURITY HARDWARE PROTECTION, SOFTWARE INTEGRITY AND ACCOUNTING CONTROLS, AND PROCEDURES. THE RESULTS OF THIS ANALYSIS WILL BECOME THE ORGANIZATION'S POLICY STATEMENT FOR COMPUTER SECURITY. THE FORMAL POLICY SHOULD INCLUDE OBJECTIVES, POLICIES, RESPONSIBILITIES, BUDGETS AND RESOURCES AS WELL AS PROVISIONS FOR MONITORING THE SYSTEM. IN ORDER TO IMPLEMENT THE PLAN, MANAGEMENT SHOULD TAKE THE ULTIMATE RESPONSIBILITY. FAILURE TO INITIATE SUCH PROGRAMS WILL INCREASE THE HAZARDS OF COMPUTER ABUSE IN THE FUTURE. (STB)