Computer security in the federal government and the private sector: hearings before the Subcommittee on Oversight of Government Management of the Committee on Governmental Affairs, United States Senate, Ninety-eighth Congress, first session, October 25 and 26, 1983, Volume 4
From inside the book
Page 336
... forms required for this task: Organizational and functional charts. Security-related documentation which ... Vulnerability Questionnaire found in Appendix D. Blank Vulnerability Findings Forms found in Appendix E. a. Step 1 ...
Page 337
... vulnerability findings forms. Describe any planned corrective actions in the possible safeguards sections of the forms. Also, write the division name and location, and the questionnaire page number. Attach the forms to the copy of ...
Page 338
... vulnerability findings forms. Identify the vulnerability by a specific, not a generic name. "Failure to change cypher combination," for example, would be the name of the vulnerability and not "inadequate physical access control ...
Page 339
... vulnerability findings form. Write down annual and one-time costs. Write the date of those safeguards that are ... forms. Reference the form number on which it is described on the other forms, and place an asterisk by the safeguard ...
Page 340
... vulnerability findings form and recommend possible additional safeguards. (3) Compare available site-specific and resident statistics on the threat frequency of an occurrence with ... vulnerability findings forms from II - 43 340.
Common terms and phrases
access control activities adequate Administration ADP system agencies Annual Loss Expectancy application assessment audit automated Automated Information Systems automatic data processing backup Branstad Bureau computer crime computer room computer security computer systems computer-related crime computer-related fraud contingency plan data base Data Encryption Standard Department detection determine division documentation employee encryption equipment evaluate executive executive agencies Federal files fire fraud and abuse functions guidelines hackers hardware HEADLEY identify implementation individual information security information systems input Inspector integrity internal control involved issue law enforcement legislation loss NYCUM Office operating system passwords perpetrator potential pre-employment screening private sector problem procedures prosecution protection questionnaire records responses risk analysis team safeguards security program Senator COHEN sensitive specific standards task techniques telecommunications terminal theft threat tion TREASURY U.S. Government Printing unauthorized vulnerability findings forms worksheets yes no Comments
Popular passages
Page 425 - ... record" means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph; (5) the term system of records...
Page 425 - ... (9) establish rules of conduct for persons involved in the design, development, operation, or maintenance of any system of records...
Page 425 - ... system of records" means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual; (6) the term "statistical record...
Page 411 - The Honorable Carl Levin Chairman, Subcommittee on Oversight of Government Management Committee on Governmental Affairs United States Senate Dear Mr.
Page 425 - For purposes of this section, the term "agency" as defined in section 551(1) of this title includes any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency.
Page 189 - The level of screening required by these policies should vary from minimal checks to full background investigations commensurate with the sensitivity of the data to be handled and the risk and magnitude of loss or harm that could be caused by the individual. These policies should be established for government and contractor personnel. Personnel security policies for Federal employees shall be consistent with policies issued by the Civil Service Commission. c. Establish a management control process...
Page 109 - Act of 1949, assigned the Office of Management and Budget (OMB), the General Services Administration (GSA), and the Department of Commerce collective responsibility for managing agencies' acquisition and maintenance of ADP resources, but placed OMB in a leadership role.
Page 387 - Federal and private sector auditing and computer security communities, this guideline describes how to establish and how to carry out a certification and accreditation program for computer security. Certification consists of a technical evaluation of a sensitive system to determine how well it meets its security requirements.
Page 407 - Proceedings of the second NBS/GAO workshop to develop improved computer security audit procedures. Covers eight sessions: three sessions on managerial and organizational vulnerabilities and controls and five technical sessions on terminals and remote peripherals, communication components, operating systems, applications and non-integrated data files, and data base management systems. Maintenance Testing for the Data Encryption Standard By Jason Gait NBS Spec.
Page 403 - Specifies an algorithm to be implemented in electronic hardware devices and used for the cryptographic protection of sensitive, but unclassified, computer data. The algorithm uniquely defines the mathematical steps required to transform computer data into a cryptographic cipher and the steps required to transform the cipher back to its original form.