IV. Data Security
A. Software Control
Most popular operating systems used on
microcomputers lack adequate security control. Unless measures are taken, this
lack of control can lead to serious security violations. The measures may range
from use of simple passwords to electronic devices, both of which restrict
logon/logoff to authorized persons.
Unless duly authorized, copying computer programs
should not be allowed. In addition to the legal problems, program libraries
and/or data files become susceptible to sabotage (for example, by the insertion
of a computer virus). Further, monitor the use of utility programs to make sure
the contents of other programs and stored data have not been changed. Many of
these programs can be executed without leaving a trace of their activities.
Backup procedures are needed to protect against
major loss of files or programs and minor problems such as disk read errors.
Delineate and enforce a corporate policy to safeguard against potential
disasters. Identify the programs and data to be stored, the media on which the
files are to be stored, the frequency of backup and who is responsible. The disk
backup procedure should be classified as either complete or partial backup. A
complete backup treats the disk as a whole and copies it in its entirety to the
backup medium (i.e., no attempt is made to identify individual files). A partial
backup identifies files to be copied and transfers them to the backup device.
Frequently, the partial backup is used to collect those files that have been
changed since the last backup.
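The partial backup described above, combined with the earlier point that utility programs can change files without leaving a trace, shown as an added example that is not part of the original text: files are selected by content hash rather than by date, so a file altered with its timestamp left untouched is still detected and copied. The function names, the JSON manifest and the choice of SHA-256 are assumptions made for this illustration.

```python
import hashlib
import json
import shutil
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash file contents in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its content hash."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def partial_backup(root: Path, dest: Path, manifest: Path) -> dict:
    """Copy files that are new or changed since the manifest was last written.

    Returns a report listing new, changed and missing relative paths.
    On the first run (no manifest yet) every file is treated as new.
    """
    previous = json.loads(manifest.read_text()) if manifest.exists() else {}
    current = snapshot(root)
    report = {
        "new": [f for f in current if f not in previous],
        "changed": [f for f in current
                    if f in previous and current[f] != previous[f]],
        # Files recorded last time but gone now: worth reviewing, not copying.
        "missing": [f for f in previous if f not in current],
    }
    for rel in report["new"] + report["changed"]:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / rel, target)
    # Record the state just backed up as the baseline for the next run.
    manifest.write_text(json.dumps(current, indent=2, sort_keys=True))
    return report
```

Keep the manifest and the backup destination outside the directory being backed up, on media that ordinary users cannot write to, so the baseline itself cannot be altered unnoticed.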
Utilities, such as Norton’s Utilities or PCTools,
are useful tools to recover files from a disk that has had the File Allocation
Table (FAT) damaged or has had files deleted.
Data Encryption and Access Control.
Various security products have been developed to
protect sensitive data stored on microcomputers. These products, sometimes
called environment control packages, provide not only encryption (encoding) and
system/file access control but also password protection and audit trail
capability. In most cases the program must reside on a hard disk and a system
manager must control passwords and system specifications. The program may
control the entire system operation from logon to logoff.
A typical product of this type would include these
Boot Protection – Intruders are not able to
bypass the hard disk and boot the system from drive A.
Password Verification – Each user must enter a
password before access to the system is permitted.
User Segregation – While all users may be able
to use any program on the disk, each user’s personal files are inaccessible
Definable User Lockout – Users may be restricted
from using programs not essential to their jobs.
Data Encryption – Data encryption for individual
files or for all files may be selected.
Audit Trail – The audit trail can be customized
to include unauthorized access attempts and all system manager functions.