U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

SECURITY SAFEGUARDS FOR THE COMPUTER

NCJ Number
60875
Author(s)
C F HEMPHILL; R D HEMPHILL
Date Published
1979
Length
38 pages
Annotation
EMPHASIZING THE NEED FOR COMPUTER SECURITY, THIS BOOKLET DETAILS SECURITY WEAKNESSES AND PRESENTS SAFEGUARDS, BOTH PERSONNEL AND PROCEDURAL, FOR MANAGEMENT TO USE IN CREATING A CRIME-PROOFING PROGRAM.
Abstract
WITH THE DEVELOPMENT OF COMPUTER TECHNOLOGY, THERE IS A CORRESPONDING NEED FOR SECURITY PROCEDURES DEVELOPMENT. BY 1977, MORE THAN 500 COMPUTER-RELATED CRIMES HAD BEEN DOCUMENTED. SUCH CRIMES INCLUDE INTERNAL THEFT, EMBEZZLEMENT, THEFT OF PROPERTY AND SERVICES AND OTHER BUSINESS SECRETS, AND EVEN THEFT FOR RANSOM OF SOFTWARE AND COMPUTER EQUIPMENT. COMPUTER CRIME ALSO INCLUDES UNAUTHORIZED DUPLICATION OF A PROGRAM, DATA ENTRY VIA TERMINALS AND COMMUNICATION SYSTEMS, WIRETAPPING, AND EAVESDROPPING. EXAMPLES ILLUSTRATE THE CRIMES LISTED. REMEDIES AND SAFEGUARDS FOR SUCH BREACHES OF SECURITY ARE TO ELIMINATE OBSOLETE PROGRAMS AND EXTRA DOCUMENTS, INSTITUTE FORMAL PROCEDURES FOR CORRECTING INPUT DATA, AND INITIATE SECURITY PROCEDURES CONCERNING REMOTE TERMINALS. OTHER PRECAUTIONS ARE PROCEDURAL CONTROLS SUCH AS PROCESSING RESTRICTIONS, AUDIT CONTROLS, PHYSICAL PROTECTION, PERSONNEL SECURITY MEASURES INCLUDING THOSE THAT APPLY TO EXECUTIVE LEVEL PERSONNEL, AND, AS FINAL MEASURE, INSURANCE. A VULNERABILITY TAXONOMY IS PROVIDED IN THE APPENDIX THAT LISTS 17 GENERAL TYPES OF COMPUTER CRIMES AND DEFINITIONS OF EACH. A BIBLIOGRAPHY ALSO IS FURNISHED. (RFC)