IV. Data Security

A. Software Control

Most popular operating systems used on microcomputers lack adequate security control. Unless measures are taken, this lack of control can lead to serious security violations. The measures may range from use of simple passwords to electronic devices, both of which restrict logon/logoff to authorized persons.

Unless duly authorized, copying computer programs should not be allowed. In addition to the legal problems, program libraries and/or data files become susceptible to sabotage (for example, by the insertion of a computer virus). Further, monitor the use of utility programs to make sure the contents of other programs and stored data have not been changed. Many of these programs can be executed without leaving a trace of their activities.

B. Backup Procedures.

Backup procedures are needed to protect against major loss of files or programs and minor problems such as disk read errors. Delineate and enforce a corporate policy to safeguard against potential disasters. Identify the programs and data to be stored, the media on which the files are to be stored, the frequency of backup and who is responsible. The disk backup procedure should be classified as either complete or partial backup. A complete backup treats the disk as a whole and copies it in its entirety to the backup medium (i.e., no attempt is made to identify individual files). A partial backup identifies files to be copied and transfers them to the backup device. Frequently, the partial backup is used to collect those files that have been changed since the last backup.
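An added example, not part of the original guidance: a partial backup that picks out the files changed since the last backup by comparing content digests against a manifest written after the previous backup. The manifest file, the function names and the use of SHA-256 are assumptions of this example; comparing contents rather than dates also catches a file that was altered while its timestamp was left unchanged.

```python
import hashlib
import json
import shutil
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its content digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def write_manifest(root: Path, manifest: Path) -> dict:
    """Record the state of root, e.g. right after a complete backup.

    The manifest (a hypothetical JSON file) must live outside root.
    """
    state = snapshot(root)
    manifest.write_text(json.dumps(state, indent=2))
    return state


def partial_backup(src: Path, dest: Path, manifest: Path) -> dict:
    """Copy files that are new or changed since the manifest was written.

    Returns {"copied": [...], "missing": [...]}; "missing" lists files that
    were present at the last backup but are no longer on the disk.
    """
    previous = json.loads(manifest.read_text())
    current = snapshot(src)
    copied = [n for n, d in current.items() if previous.get(n) != d]
    for name in copied:
        target = dest / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / name, target)
    manifest.write_text(json.dumps(current, indent=2))
    return {"copied": copied, "missing": sorted(set(previous) - set(current))}
```

Keep the manifest with the backup media rather than on the protected disk, so that whoever can change the files cannot also rewrite the record they are compared against.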

C. Recovery Techniques.

Utilities, such as Norton’s Utilities or PCTools, are useful tools for recovering files from a disk whose File Allocation Table (FAT) has been damaged or from which files have been deleted.

D. Data Encryption and Access Control.

Various security products have been developed to protect sensitive data stored on microcomputers. These products, sometimes called environment control packages, provide not only encryption (encoding) and system/file access control but also password protection and audit trail capability. In most cases the program must reside on a hard disk and a system manager must control passwords and system specifications. The program may control the entire system operation from logon to logoff.

A typical product of this type would include these functions:

  • Boot Protection – Intruders are not able to bypass the hard disk and boot the system from drive A.
  • Password Verification – Each user must enter a password before access to the system is permitted.
  • User Segregation – While all users may be able to use any program on the disk, each user’s personal files are inaccessible to others.
  • Definable User Lockout – Users may be restricted from using programs not essential to their jobs.
  • Data Encryption – Data encryption for individual files or for all files may be selected.
  • Audit Trail – The audit trail can be customized to include unauthorized access attempts and all system manager functions.