Managing Computers in Large Organizations
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Manag<strong>in</strong>g</strong> Microcomputers <strong>in</strong> <strong>Large</strong> <strong>Organizations</strong><br />
http://www.nap.edu/catalog/167.html<br />
About this PDF file: This new digital representation of the orig<strong>in</strong>al work has been recomposed from XML files created from the orig<strong>in</strong>al paper book, not from the<br />
orig<strong>in</strong>al typesett<strong>in</strong>g files. Page breaks are true to the orig<strong>in</strong>al; l<strong>in</strong>e lengths, word breaks, head<strong>in</strong>g styles, and other typesett<strong>in</strong>g-specific formatt<strong>in</strong>g, however, cannot be<br />
reta<strong>in</strong>ed, and some typographic errors may have been accidentally <strong>in</strong>serted. Please use the pr<strong>in</strong>t version of this publication as the authoritative version for attribution.<br />
MANAGING MICROCOMPUTERS AND END-USER COMPUTING SOME CRITICAL<br />
ISSUES<br />
greater concern is warranted. When thousands of people are access<strong>in</strong>g sensitive<br />
corporate or agency data, the probability is that someone will remove<br />
competitively sensitive data on a floppy disk. A floppy disk is convenient; it is<br />
easy to transfer data to it; it can hold hundreds of pages of data. A person can<br />
walk out of a build<strong>in</strong>g with it unobserved. The contents need not be identifiable<br />
externally. How does a security guard know what is on one?<br />
There is also the well-publicized problem of illegal access by telephone.<br />
S<strong>in</strong>ce solutions to this k<strong>in</strong>d of unauthorized access are known, the problem falls<br />
<strong>in</strong>to the adm<strong>in</strong>istrative area. It should be possible to detect and trap<br />
unauthorized dial-<strong>in</strong> access.<br />
Access to a computer system is possible not only directly through the<br />
normal log-on process, but also by tapp<strong>in</strong>g communications l<strong>in</strong>ks and by<br />
removal of media such as floppy disks. To elim<strong>in</strong>ate loss through these means<br />
some form of encryption is required to protect the data even when the media are<br />
compromised, or to make decod<strong>in</strong>g so expensive that potential thieves are<br />
dissuaded.<br />
These measures are expensive, as are any security measures. To justify<br />
them the potential loss from a security breach must be greater than the cost of<br />
the security measures. The organizations we have worked with limit their<br />
security measures to password systems. Some depend only on the log-on<br />
password; others have protection at the file level, so the end user must know<br />
two or three passwords. A few have additional password protection at the<br />
operat<strong>in</strong>g systems level. I know of no commercial firm that uses encryption <strong>in</strong><br />
relation to the k<strong>in</strong>d of end-user comput<strong>in</strong>g we are discuss<strong>in</strong>g. Ultimately, most<br />
organizations depend on a trustworthy work force.<br />
Microcomputers are removed from the direct control of the ma<strong>in</strong>frame,<br />
and therefore are not guided by data process<strong>in</strong>g standards. Does the use of<br />
micros create additional security problems? To answer this we must dist<strong>in</strong>guish<br />
between external and <strong>in</strong>ternal breaches of security. In terms of external attempts<br />
to <strong>in</strong>vade the system, it seems to me that micros do not add problems.<br />
Physically lock<strong>in</strong>g the micro and any removable media may be necessary <strong>in</strong><br />
some cases. However, data down-loaded to a micro is not at greater risk than<br />
data pr<strong>in</strong>ted out, or data put on a floppy disk, or microfiche, or any other<br />
removable media. In relation to <strong>in</strong>ternal security leaks, the micro, as a powerful<br />
<strong>in</strong>formation processor, may provide opportunities for access and removal<br />
88<br />
Copyright © National Academy of Sciences. All rights reserved.