Advertisement

Human resources systematically applied to ensure computer security

  • V. P. Lane
  • F. G. Wright
System Use
Part of the Lecture Notes in Computer Science book series (LNCS, volume 65)

Abstract

In order to maintain the integrity of a computing service, it is essential to assume that there is no limit to the ingenuity of men who wish to break the service's security measures and no limit to the carelessness of those parties given responsibility for maintaining its integrity.

From a statement of security requirements from the point of view of the user, the paper discusses the practicalities of satisfying these objectives. This is an extremely demanding task. However, if it is approached in a systematic manner it can often be achieved without any great increase in operating costs.

A great deal of attention has been given to security aspects of hardware and systems software, and consequently the personnel, a vulnerable area, has received little or no attention. The paper explores the contribution that end-user and computer personnel make to computer security through their routine duties. The paper identifies the need for, and the methods to achieve, a logically developed approach to security, to enable those responsible for computing, both end-users and data processing professionals, to identify, evaluate, and deal effectively with their own security requirements. The basic philosophy of physical, document and personnel security must be applied in concert, for if they are applied independently they are ineffective.

Keywords

Security Requirement Computing Service Equity Fund Computer Department Computer Unit 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Kluwer Harrap Handbooks. ‘Handbook of security'. Kluwer Harrap, Netherlands, 1977.Google Scholar
  2. 2.
    Hemphill, C.F., and J.M. 'security procedures for computer systems'. Dow Jones-Irwin, Illinois, USA.Google Scholar
  3. 3.
    Sharrat, J.R. ‘Data control guidelines'. National Computing Centre, Manchester, England, 1974.Google Scholar
  4. 4.
    Hamilton, P. ‘Computer security’ Cassell Associated Business Programmes, 1972.Google Scholar
  5. 5.
    Hampshire Regional Health Authority. ‘Report of members enquiry into salary misappropriation at area headquarters'. Hampshire Regional Health Authority, UK, June 1977.Google Scholar
  6. 6.
    Computerview. ‘The ICI ransom case: some lessons to be learnt'. Computer Weekly, IPC Business Press, 9 Feb., 1978, pp2.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1978

Authors and Affiliations

  • V. P. Lane
    • 1
  • F. G. Wright
    • 1
  1. 1.Southern Water Authority WorthingWest SussexUK

Personalised recommendations