skip navigation

PUBLICATIONS

Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.

 

NCJ Number: 52264 Add to Shopping cart Find in a Library
Title: COMPUTER SCIENCE AND TECHNOLOGY - AUDIT AND EVALUATION OF COMPUTER SECURITY
Corporate Author: Lawyers' Cmtte for Civil Rights Under Law
United States of America
Editor(s): Z G RUTHBERG; R G MCKENZIE
Date Published: 1977
Page Count: 258
Sponsoring Agency: Lawyers' Cmtte for Civil Rights Under Law
Washington, DC 20005
National Institute of Justice/
Rockville, MD 20849
Superintendent of Documents, GPO
Washington, DC 20402
Sale Source: Superintendent of Documents, GPO
Washington, DC 20402
United States of America

National Institute of Justice/
NCJRS paper reproduction
Box 6000, Dept F
Rockville, MD 20849
United States of America
Document: PDF
Language: English
Country: United States of America
Annotation: CONSENSUS REPORTS ON 10 TOPICS RELATED TO AUDIT AND EVALUATION OF COMPUTER SECURITY AND DEVELOPED DURING A WORKSHOP DESIGNED TO EXPLORE THE STATE-OF-THE-ART IN THE THEME AREA ARE PRESENTED.
Abstract: THE NATIONAL BUREAU OF STANDARDS, WITH THE SUPPORT OF THE U.S. ACCOUNTING OFFICE, SPONSORED AN INVITATIONAL WORKSHOP ENTITLED 'AUDIT AND EVALUATION OF COMPUTER SECURITY,' HELD IN MIAMI BEACH, FLA., ON MARCH 22-24, 1977. LEADING EXPERTS IN THE AUDIT AND COMPUTER COMMUNITIES WERE INVITED TO DISCUSS THE SUBJECT IN ONE OF TEN SESSIONS, EACH OF WHICH CONSIDERED A DIFFERENT ASPECT OF THE THEME. THE SESSION ON INTERNAL AUDIT STANDARDS DEFINED THE LARGER SUBJECT OF INTERNAL AUDIT OF A COMPUTER SYSTEM, AND THEN DEFINED COMPUTER SECURITY AUDIT. THE QUALIFICATIONS AND TRAINING SESSION DREW UP AN OUTLINE OF THE BROAD BODY OF KNOWLEDGE NEEDED TO PERFORM A COMPUTER SECURITY AUDIT. THE GROUP CONSIDERING SECURITY ADMINISTRATION DISCUSSED THE LEGAL BASIS FOR ESTABLISHING A SECURITY ADMINISTRATION FUNCTION IN A FEDERAL ORGANIZATION AND DEFINED THE SECURITY ADMINISTRATION FUNCTION. FOUR CONCEPTUAL MODULES FOR THE DEVELOPMENT OF AN OPEN-ENDED STRUCTURED MODEL OF COMPUTER SECURITY AUDIT WERE IDENTIFIED IN THE SESSION ENTITLED 'AUDIT CONSIDERATIONS IN VARIOUS SYSTEM ENVIRONMENTS.' THE SESSION ON ADMINISTRATIVE AND PHYSICAL CONTROLS ESTABLISHED THE THESIS THAT THE CONCERNS OF DATA SECURITY AND THE RESPONSIBILITIES OF THE AUDITOR ARE COMPLEMENTARY, SINCE BOTH DEAL WITH THE PROTECTION OF RESOURCES WITHIN THE DATA PROCESSING MISSION. SUGGESTIONS FOR THE AUDITOR ARE ALSO INCLUDED. THE 'PROGRAM INTEGRITY' SESSION EMPHASIZES THAT PROGRAM INTEGRITY MUST BE CONSIDERED OVER THE ENTIRE LIFE CYCLE OF THE PROGRAM. SAFEGUARDS HAVING A DIRECT BEARING ON DATA INTEGRITY AUDIT WERE DISCUSSED IN THE 'DATA INTEGRITY' GROUP. REPORTS ARE ALSO INCLUDED FOR SESSIONS DEALING WITH COMMUNICATIONS, POSTPROCESSING AUDIT TOOLS AND TECHNIQUES, AND INTERACTIVE AUDIT TOOLS AND TECHNIQUES. (RCB)
Index Term(s): Computer privacy and security; Data integrity; Data security; Evaluation; Training; Workshops and seminars
Note: PROCEEDINGS OF THE NATIONAL BUREAU OF STANDARDS INVITATIONAL WORKSHOP HELD AT MIAMI BEACH, FL, MARCH 1977
To cite this abstract, use the following link:
http://www.ncjrs.gov/App/publications/abstract.aspx?ID=52264

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.