Search results
1 – 10 of 12
Abstract
Introduces a series of contributions on computer security. Begins by pointing out that information is an organizational asset which needs to be protected. Policies are the primary building blocks for every information security effort. In order to be successful with information security, every organization must have a set of policies which establishes both direction and management support. Discusses the role and function of the information security management specialist within the organization. Finally outlines possible exceptions to information security policies.
Abstract
Suggests that computer passwords can pose a major computer security risk, as password guessing is the most prevalent and effective method of system penetration. Introduces a new computer package which can address this problem by generating difficult‐to‐guess passwords by removing human judgement from the password construction process.
Abstract
Defines a frequently encountered method for assigning information security responsibilities involving three terms: “owners”; “custodians”; and “users”. The objective of this responsibility assignment is clearly to indicate “where the buck stops”; owners being ultimately responsible for certain information, including its security. Custodians are actually in possession of it and implement and administer controls over it, according to owner instructions. Users are given access to data within guidelines from the owner.
Quality indicators: Research implications**; Practice implications**; Originality**; Readability***
Abstract
Points out the job security risk to those responsible for the security of computerized information systems in the event of system failure resulting in financial loss. Argues that prevention of system problems is far less expensive than after‐the‐event mitigation. Makes a distinction between disasters and emergencies and focuses on the latter. Recommends, and provides guidelines for, the establishment of a computer emergency response team to provide accelerated problem detection, damage control and problem correction services.
Abstract
Passwords have a convenience which other access controls do not. However, they must be made more effective through difficult‐to‐guess, easy‐to‐remember techniques, supported by policies and rules for their construction and expiration. Provides some guidelines for choosing passwords.
Abstract
Discusses risks to organizational computer security following staff termination and provides anecdotal evidence of what can go wrong. Suggests a policy for dealing with computer security in the event of staff leaving an organization.
Abstract
Discusses the necessity of computer access control mechanisms, particularly passwords, to protect information. Suggests that many organizations allow practices which compromise the security of their data. Highlights a policy on the proper storage of passwords and other security parameters which should form the foundation of an information security effort.
Abstract
Proposes that one of the fundamental design principles of information security is that information should be consistently protected, and that this principle should apply in all instances. Investigates how policies for sending secret information might be implemented, e.g. by encryption. Concludes that the policy applies to many environments.
Abstract
Presents a policy considered necessary to prevent breaches of security when software is moved from development to production. Contends that although information is a valuable, global commodity, it is often unprotected. Presents suggestions to prevent encryption code from being broken. Gives guidelines for the security of encryption keys. Looks at the costs and benefits of encryption, packet encryption and the Internet. Discusses US policy, the US Computer Security Act and the US government proposals for information security.
Abstract
Suggests a policy for checking the backgrounds of employees in computer‐related positions of trust, including examination of any criminal records, lawsuit records, credit bureau records and previous employment.