NCJ Number
86902
Journal
Security Systems Administration Volume: 11 Issue: 10 Dated: (October 1982) Pages: 26-28,31
Date Published
1982
Length
4 pages
Annotation
This discussion of computer crime focuses on the magnitude of the problem, the role of management in security, a profile of the offender, and the role of computer security.
Abstract
Computer crime is a growing problem and usually falls into the crime categories of financial fraud, property thefts, data thefts, abuse of services, and physical attacks. In its security role, management must first determine why computers are vulnerable, indicators that the company is being victimized, and the value of a computer security program. The perpetrator of computer crime is typically 20-40 years-old, male, an experienced professional, in a position of trust, and without obvious signs signs of deviancy or a criminal record. To be comprehensive, a computer security program should (1) define the duties and responsibilities of key system personnel, (2) detail the system's safeguards, (3) define the system's data controls, and (4) provide for communication security. In defining the duties and responsibilities of key system personnel, after hours processing should be tightly controlled and all programs should contain a statement of ownership. Further, responsibilities for writing, authorizing, and modifying programs should be divided among personnel. In data controls, management should account for all the input documents, ensure that corrections on source documents are made only by originating sources, log and store outputs securely, and ensure that errors in the processed data are reported and investigated. To ensure that the computer security program encompasses communication safeguards, management should check to see if it makes use of machine-readable cards or badges to identify terminal users, requires terminal users to indicate when they will return to active status, and uses scramblers and cryptographic devices.