CONTROLLING ACCESS TO SYSTEMS AND DATA Mr. Walter W. Haase, Session Chairman Deputy Assistant Director, Information Systems, The Need and Significance of Controlled Accessibility Appendix B Publications/References Cited at the Conference 1. "Records, Computers and the Rights of Citizens," Report of the Secretary's Advisory Committee on Automated Personal Data Systems, U.S. Department of Health, Education and Welfare, July 1973, U.S. Government Printing Office (Stock No. 1700-00116), Washington, D.C. 20401, Price $2.35, postpaid. 2. Federal Fire Council Publication RP-1, "Fire Protection for Essential Electronic Equipment," available from: National Technical Information Service (NTIS), 5285 Port Royal Road, Springfield, Virginia 22151, under document number AD-692-662. Price $6.00. 3. DOD Directive 5200.28 and appendix 5200.28 M. the Pentagon, Washington, D.C. 20301. Office of the Secretary of Defense, 4. "Computer Security Technology Planning Study," October 1972, Electronic Systems Division, L.G. Hanscom Field, Bedford, Massachusetts 01730, ESD-7R-51, Vol. I and II. 5. Report of GUIDE Subcommittee on Security Requirements. 6. Project SEARCH Security and Privacy Publications available from: Project SEARCH, CCTRF, 1927 13th Street, Sacramento, California 95814. 7. GMIS Project 73 publication: An Administrative Guideline for Security and Confidentiality in State and Local Government Data Centers, GMIS, 138 East Court Street, Cincinnati, Ohio 45202, price $25.00. Appendix C Preview of Conference on Privacy and Computer Security This Conference is planned as a sequel to the November 1973 Conference to continue the dialog and interaction among government, industry and public interest groups that is needed for effective resolution of the privacy and computer security issues. More specifically, this Conference provides an opportunity for the computer industry and other groups in the public and private sectors to present solutions, ideas, and approaches for dealing with the governmental needs and problems outlined in this Conference Report. The suggestions may include legislative, technological or managerial measures, and may focus on existing state-of-the-art techniques, advanced methodologies currently under development or promising research interests of a longer range nature. Attendance at the Conference is open to all interested persons, including management and technical personnel from Federal, State, and local governments, the computer industry, public interest groups, professional associations, academia and privacy and security experts. Government Looks at Privacy and Security in Computer Systems. 7. AUTHOR(S) Clark R. Renninger and Dennis K. Branstad, Editors 9. PERFORMING ORGANIZATION NAME AND ADDRESS NATIONAL BUREAU OF STANDARDS 12. Sponsoring Organization Name and Complete Address (Street, City, State, ZIP) Same as No. 9 5. Publication Date February 1974 6. Performing Organization Code 8. Performing Organ. Report No. 10. Project/Task/Work Unit No. 640.1110 11. Contract/Grant No. 13. Type of Report & Period 14. Sponsoring Agency Code 15. SUPPLEMENTARY NOTES 16. ABSTRACT (A 200 word or less factual summary of most significant information. If document includes a significant bibliography or literature survey, mention it here.) This publication summarizes the proceedings of a conference held for the purpose of highlighting the needs and problems of Federal, State and local government in safeguarding individual privacy and protecting confidential data contained in computer systems from loss or misuse. The Conference was held at the National Bureau of Standards on November 19-20, 1973. The origin of governmental problems is discussed in the context of the public's concern for privacy arising out of computer-based recordkeeping, the diverse legislative actions how being taken to safeguard privacy, the threats to the security of computer-based information systems and the technological problems associated with protecting against such threats. Useful distinctions are drawn between privacy, confidentiality and security to clarify the issues and allocate responsibilities for solving the problem among lawmakers, technologists and management. Major needs are described. These include the need for cohesive Federal, State and local legislation, technological guidelines and standards for assuring uniform compliance with legislative requirements; management guidelines for identifying and evaluating threats to security; and improved technological mechanisms for controlling to computer systems and networks. Cost implications of providing security measures are discussed. access 17. KEY WORDS (six to twelve entries, alphabetical order, capitalize only the first letter of the first key word unless a proper name, separated by semicolons) Computer systems, privacy and security; confidentiality; privacy; security. |