Computer security in the federal government and the private sector: hearings before the Subcommittee on Oversight of Government Management of the Committee on Governmental Affairs, United States Senate, Ninety-eighth Congress, first session, October 25 and 26, 1983, Volume 4
United States. Congress. Senate. Committee on Governmental Affairs. Subcommittee on Oversight of Government Management
U.S. Government Printing Office, 1983 - 504 pages
Page 425 - ... record" means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph; (5) the term system of records...
Page 425 - ... system of records" means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual; (6) the term "statistical record...
Page 411 - The Honorable Carl Levin Chairman, Subcommittee on Oversight of Government Management Committee on Governmental Affairs United States Senate Dear Mr.
Page 425 - For purposes of this section, the term "agency" as defined in section 551(1) of this title includes any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency.
Page 189 - The level of screening required by these policies should vary from minimal checks to full background investigations commensurate with the sensitivity of the data to be handled and the risk and magnitude of loss or harm that could be caused by the individual. These policies should be established for government and contractor personnel. Personnel security policies for Federal employees shall be consistent with policies issued by the Civil Service Commission. c. Establish a management control process...
Page 109 - Act of 1949, assigned the Office of Management and Budget (OMB), the General Services Administration (GSA), and the Department of Commerce collective responsibility for managing agencies' acquisition and maintenance of ADP resources, but placed OMB in a leadership role.
Page 387 - Federal and private sector auditing and computer security communities, this guideline describes how to establish and how to carry out a certification and accreditation program for computer security. Certification consists of a technical evaluation of a sensitive system to determine how well it meets its security requirements.
Page 407 - Proceedings of the second NBS/GAO workshop to develop improved computer security audit procedures. Covers eight sessions: three sessions on managerial and organizational vulnerabilities and controls and five technical sessions on terminals and remote peripherals, communication components, operating systems, applications and non-integrated data files, and data base management systems. Maintenance Testing for the Data Encryption Standard By Jason Gait NBS Spec.
Page 403 - Specifies an algorithm to be implemented in electronic hardware devices and used for the cryptographic protection of sensitive, but unclassified, computer data. The algorithm uniquely defines the mathematical steps required to transform computer data into a cryptographic cipher and the steps required to transform the cipher back to its original form.