An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.

Computer Security Management

NCJ Number: 82122
Author(s): D B Parker
Date Published: 1981
Length: 308 pages
Annotation
This book discusses and illustrates techniques for selecting, implementing, and evaluating computer security programs. It covers threat and risk assessment methods, computer security organization, security reviews, and principles of safeguard selection.
Abstract
The text describes types of information systems and analyzes the relationships between data processing services and the rest of an organization. The text also defines security, risk avoidance, assets, and threats; discusses the characteristics of accidental and intentional acts that undermine data security; and illustrates security strategies. It explains the application and organization of security functions (deterrence, prevention, detection, recovery, and correction). The text delineates computer privacy and security laws (Privacy Act of 1974, Foreign Corrupt Practices Act, State computer crime laws) and assesses their impact on computer security. The book also details strategies for establishing and implementing computer security programs, beginning with the conduct of a computer security review, which identifies, quantifies, and ranks vulnerabilities for resource allocation and safeguard selection. The text suggests steps to reduce risks based on a threat scenario and risk analysis methodology. These steps include forming a task force to perform the security review and presenting an evaluation and implementation plan to management. The implementation strategy features assessment of the scope of responsibility, development of an assets model and inventory file, threat and risk assessment measurements, selection and evaluation of safeguards, and recommendations regarding safeguard implementation. Tables, organizational charts, sample forms, and an index are provided. Appendixes include Federal and State computer crime legislation; discussions of computer-related crime methods, principles of business conduct, data processing organization standards of conduct, and computer controls and audit tools; a computer security survey questionnaire; and examples of computer crime scenarios.