Human resources systematically applied to ensure computer security
In order to maintain the integrity of a computing service, it is essential to assume that there is no limit to the ingenuity of men who wish to break the service's security measures and no limit to the carelessness of those parties given responsibility for maintaining its integrity.
From a statement of security requirements from the point of view of the user, the paper discusses the practicalities of satisfying these objectives. This is an extremely demanding task. However, if it is approached in a systematic manner it can often be achieved without any great increase in operating costs.
A great deal of attention has been given to security aspects of hardware and systems software, and consequently the personnel, a vulnerable area, has received little or no attention. The paper explores the contribution that end-user and computer personnel make to computer security through their routine duties. The paper identifies the need for, and the methods to achieve, a logically developed approach to security, to enable those responsible for computing, both end-users and data processing professionals, to identify, evaluate, and deal effectively with their own security requirements. The basic philosophy of physical, document and personnel security must be applied in concert, for if they are applied independently they are ineffective.
KeywordsSecurity Requirement Computing Service Equity Fund Computer Department Computer Unit
- 1.Kluwer Harrap Handbooks. ‘Handbook of security'. Kluwer Harrap, Netherlands, 1977.Google Scholar
- 2.Hemphill, C.F., and J.M. 'security procedures for computer systems'. Dow Jones-Irwin, Illinois, USA.Google Scholar
- 3.Sharrat, J.R. ‘Data control guidelines'. National Computing Centre, Manchester, England, 1974.Google Scholar
- 4.Hamilton, P. ‘Computer security’ Cassell Associated Business Programmes, 1972.Google Scholar
- 5.Hampshire Regional Health Authority. ‘Report of members enquiry into salary misappropriation at area headquarters'. Hampshire Regional Health Authority, UK, June 1977.Google Scholar
- 6.Computerview. ‘The ICI ransom case: some lessons to be learnt'. Computer Weekly, IPC Business Press, 9 Feb., 1978, pp2.Google Scholar