Printer Friendly

The Manager's Guide to Computer Security.

Early in this book the author touches on a major problem relating to computer security: determining the value of data and how that value changes over time.

From a security standpoint, the value of data helps determine the amount and distribution of resources necessary to protect that information. Of course, the value of data depends on an individual's perception of and use for the data.

Thompson points out four main categories of people concerned with data value: the data owner; the keeper of the information (the individuals controlling and using the information); the source of the information; and the intruder (an outsider or insider who wants access to and control of the information when both are unauthorized).

The type of information--operating information, corporate information, or personal information--should also be considered when determining potential threats.

The Manager's Guide to Computer Security stresses that the advantages of a computer system are the speed in processing data, the accuracy and integrity of the stored data, and the ability of a computer system to store vast amounts of data in a compact form.

Ironically, these same advantages can be disadvantages from a security viewpoint. Computer systems have inherent weaknesses that make them vulnerable to the negligent, malicious, or just plain curious. The following are examples:

Size. A small diskette may be surreptitiously removed from an office or easily damaged by accident or design.

Obscurity. The nature of electronically stored data means it cannot be visually inspected for signs of tampering, removal, or accuracy; nor can its copying or transmission be easily accounted for.

Retention. Improperly demagnetized material still retains images of certain material. Tests have shown it is possible to recover some data after 12 overwrites. In the MS-DOS operating environment, deletion of a file merely removes the pointer from the directory while leaving the data intact.

Forgery. The modification of stored data can easily be done but not easily detected.

People. The greatest threat in the security spectrum continues to be the trusted, knowledgeable employee.

The author also describes the three broad categories of security threats to a computer system: disclosure, modification, and denial of service. He goes on to list the litany of natural and man-made or machine-related threats an analyst would examine during a risk assessment. All of these items help establish the book's validity.

The book provides statistics on computer crime in the United Kingdom, the United States, and Australia. It also examines hackers and their methods of attack. The book also mentions viruses--both benign and malignant--and discusses American and English laws as they apply to privacy, communications, and fraud.

Thompson also provides a checklist for PC owners regarding what they should be doing to improve their security posture. He provides a glossary of terms used in the book and directs readers to several vendors that can provide risk management information, backup operational sites, and computer security products. The only drawback for American readers is that these firms are all located in Europe.

I enjoyed reading this book and would recommend it to my friends and other security professionals--especially those in the international scene--as an informative reference.

Reviewer: Howard Keough, CPP, senior computer security analyst at Mantech International-Jaehne Division in Rockville, MD, and member of the ASIS Standing Committee on Computer Security.
COPYRIGHT 1992 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1992 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Keough, Howard
Publication:Security Management
Article Type:Book Review
Date:Feb 1, 1992
Previous Article:Setting and achieving professional goals.
Next Article:Corporate Computer Security Issues and Strategies.

Related Articles
Network Security: A Beginner's Guide.
Halting the Hacker: A Practical Guide to Computer Security, 2d edition. (Reviews).
A Security Professional's Practical Guide to the Law.
Cisco Press.
Facility Manager's Guide to Security: Protecting Your Assets .
Defeating the Hacker: A Non-Technical Guide to Computer Security.
Information Security.
IT Governance.
IT Governance.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters