II. BASIC INFORMATION SYSTEMS SECURITY PROBLEMS
A. Natural Disasters
Natural disasters, such as floods, lightning,
brown-outs, fire and earthquakes, are the most obvious security problems for
most organizations. Since the source of these problems is generally
uncontrollable, one must plan for the possibility. Physical location of
computer systems, control of electrical surges or spikes and clean fire
suppression methods are possible techniques to discuss when dealing with this
topic. A pre-defined disaster plan, including appropriate off-site backup,
helps to avoid regret.
B. Accidental Problems
Many threats to a system result from unintentional
errors created either by a user or by the system itself. Examples include the
accidental disclosure of data, inadvertent modification or destruction of data,
faulty software that may produce incorrect data, residual data left in the
system that may contaminate new data, and wrong parameters that get passed
inappropriately. The most common forms of accidental threats are employee
mistakes. Ongoing training programs, both formal and informal, can help prevent
many of these problems.
C. Malicious Threats
Malicious threats are deliberate attempts to
circumvent or defeat the system’s protection mechanisms, or exploit weaknesses
in such mechanisms. A trapdoor is a “special element that when inserted in a
program or system allows the intruder to bypass protective features safeguarding
the secure functioning of a system.” The Trojan horse technique of
penetration “consists of supplying the computer with what is perceived
appropriate and acceptable information, but in reality contains secret
instructions for unauthorized behavior.”
Users may tamper with data or programs, snoop or
browse through a system or intentionally disclose data. A worm or virus may be
inserted in a program and spread throughout the system. Malicious threats are
the most difficult type of security problem to deal with. They may start from
within or outside the organization.