Human resources systematically applied to ensure computer security

Abstract

In order to maintain the integrity of a computing service, it is essential to assume that there is no limit to the ingenuity of men who wish to break the service's security measures and no limit to the carelessness of those parties given responsibility for maintaining its integrity. From a statement of security requirements from the point of view of the user, the paper discusses the practicalities of satisfying these objectives. This is an extremely demanding task. However, if it is approached in a systematic manner it can often be achieved without any great increase in operating costs. A great deal of attention has been given to security aspects of hardware and systems software, and consequently the personnel, a vulnerable area, has received little or no attention. The paper explores the contribution that end-user and computer personnel make to computer security through their routine duties. The paper identifies the need for, and the methods to achieve, a logically developed approach to security, to enable those responsible for computing, both end-users and data processing professionals, to identify, evaluate, and deal effectively with their own security requirements. The basic philosophy of physical, document and personnel security must be applied in concert, for if they are applied independently they are ineffective.