Information Technology: Security of Computer Systems

Citation
General Accounting Office, Information Technology: Security of Computer Systems (Sept. 28, 1977) (full-text).\

Overview
Computer security is a set of policies, procedures, and practices which are designed to assure that the unauthorized use of data resources is prevented or at least significantly inhibited and that the authorized use of these resources is carried out as reliably, accurately, and with as little interruption and loss as possible. GAO believes that the computer security area is so significant that it demands top management attention. Since the Federal Government is the largest user of computers in the world, GAO reviewed the Government's practices in the computer security area and found that Government computer systems were not being properly protected. Consequently, there have been losses of equipment, software, data, funds, personnel injuries, and life. This includes such actions as crimes, espionage, mischief, and sabotage. GAO also found that computerization tends to centralize Government assets and data making them more vulnerable to destruction or alterations than ever before. However, to correct some of the abuses that exist in Government computer systems, GAO advocates an organized plan that separates the duties of individuals to minimize opportunity for misuse or misappropriation, a system of authorization and record procedure to provide accounting control, an established system of practices for each duty and function of the organizational element, and an effective system of internal review. GAO also recommends the appointment of a high management official to be responsible for security, including management of security and security planning with the use of risk assessment methods.