Computer Security in the Federal Government and the Private Sector: Hearings Before the Subcommittee on Oversight of Government Management of the Committee on Governmental Affairs, United States Senate, Ninety-eighth Congress, First Session, October 25 and 26, 1983
Common terms and phrases
adequate Administration ADP facility ADP system agencies Annual Loss Expectancy application audit automated Automated Information Systems automatic data processing backup Branstad Circular computer crime computer security computer systems computer-related crime computer-related fraud Contingency Planning data base Data Encryption Standard Department detection determine division documentation electronic employee encryption equipment Evaluation executive Federal files FIPS PUB fire fraud and abuse functions guidelines hackers hardware HEADLEY identify implementation individual information systems input integrity internal control involved law enforcement LIBRARY OF CONGRESS logic bomb loss NYCUM Office operating system passwords performed perpetrator physical security potential Privacy private sector problem procedures protection records responses risk analysis team risk management safeguards schedule security program Senator COHEN sensitive specific system security tasks techniques telecommunications terminal theft threat tion unauthorized vulnerability worksheets yes no Comments
Popular passages
Page 449 - The Honorable Carl Levin Chairman, Subcommittee on Oversight of Government Management Committee on Governmental Affairs United States Senate Dear Mr.
Page 63 - ... (10) establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained...
Page 440 - August 1979 Presents a technique for conducting a risk analysis of an ADP facility and related assets. Provides guidance on collecting, quantifying, and analyzing data related to the frequency of caused by adverse events. This guideline describes the characteristics and attributes of a computer system that must be known for a risk analysis and gives an example of the risk analysis process.
Page 187 - The level of screening required by these policies should vary from minimal checks to full background investigations commensurate with the sensitivity of the data to be handled and the risk and magnitude of loss or harm that could be caused by the individual. These policies should be established for government and contractor personnel. Personnel security policies for Federal employees shall be consistent with policies issued by the Civil Service Commission. c. Establish a management control process...
Page 181 - The Department of Commerce is responsible for aiding in the achievement of increased cost effectiveness in the selection, acquisition, and utilization of automatic data processing equipment, and in this connection will perform the following functions: a. Provide advisory and consultative services to executive agencies on the methods for developing information systems based on the use of computers and the programing and languages thereof.
Page 107 - Act of 1949, assigned the Office of Management and Budget (OMB), the General Services Administration (GSA), and the Department of Commerce collective responsibility for managing agencies' acquisition and maintenance of ADP resources, but placed OMB in a leadership role.
Page 353 - Hardware maintenance may be performed while production data is on-line and the equipment undergoing maintenance is not isolated. • An operator may perform unauthorized acts for personal gain (e.g., make extra copies of competitive bidding reports, print copies of unemployment checks, delete a record from journal file).
Page 441 - Describes the need for and uses of passwords. Password schemes are categorized according to selection technique, lifetime, physical characteristics and information content. Password protection and cost considerations are discussed. A glossary and annotated bibliography are included.
Page 356 - Unauthorized modification to the operating system may allow a data entry clerk to enter programs and thus subvert the system. • An operating system crash may expose valuable information such as password lists or authorization tables.
Page 199 - The Commission is publishing this notice to solicit comments on the proposed rule change from interested persons. I. Self-Regulatory Organization's Statement of the Terms of Substance of the Proposed Rule Change. The text of the proposed rule change is filed as Exhibit "A".