It is imperative to recognize that automated systems, which provide essential services, are
vulnerable to natural disasters or to someone who has the resources to compromise a computer
system. Appropriate security measures should be taken to ensure protection from accidental and
deliberate threats to confidentiality and integrity of data. Whilst it is accepted that absolute security is
unrealistic, steps should be taken to optimise the security of your computer system at a cost that is
proportionate to the reduction in risk.
The security of files on computers is paramount and the use of password access is strongly
recommended for users.
For employees who vacate their position, either on transfer to another area or to another employer,
risk management procedures should be implemented to ensure their access to the nominated
computer system is revoked. Too often, users retain access to computer systems and files for
lengthy periods of time after they have left their previous position. This creates an opportunity for
criminal offences to be committed and possible corruption and loss of data.
Whilst there are avenues available to retrieve data that is lost, doing so can be expensive
for something that is easily preventable.
The deleting of files from computer systems may constitute the criminal offence of fraud in
Queensland, if it is shown that there has been a dishonest action to cause some detriment to the
complainant in question.
Likewise, the theft of files may also constitute the criminal offence of stealing in Queensland, if it is
shown that there is some intent on behalf of the offender to use the files for some purpose.
Matters such as disputes over the ownership of files may give rise to copyright breaches, and
remedies in these matters should be sought via civil action if deemed necessary, rather than criminal
complaints to police.
Identify the computer system assets that require protection (i.e. data, software, hardware, media, services and supplies)
Determine the value of each asset
Identify potential threats associated with each asset
Identify the vulnerability of the computer/EDP system to each of these threats
Assess the risk exposure for each asset
Select and implement security measures
Audit and refine the security program on a regular basis, especially when employees depart on a permanent basis
Data Diddling
A simple and common computer related crime that involves changing data prior to or during input to
a computer. Data can be changed by anyone involved in the process of creating, recording,
encoding, examining, checking, converting, or transporting computer data.
Minimize the risk of diddling by applying internal security controls.
Trojan Horse
A Trojan Horse involves the placement of unwanted computer instructions in a program so that the
host computer will perform some undesired/unauthorized function. The instructions enter the target
system hidden in some other message or program, thus the name Trojan Horse.
Minimize the risk of attack by a Trojan Horse by implementing security control measures for
all incoming data containing hidden content.
Logic Bomb
A Logic Bomb is a computer program executed at a specific time to cause damage to computer
programs or data. Logic Bombs often enter a computer system using the Trojan Horse method, but
differ because their presence is detected only after the bomb "blows up."
For example, a disgruntled employee may write a computer program to cause the company's
computer system to crash at a particular date. At the specified date and time, the system crashes
costing hundreds of hours and thousands of dollars to restore.
Minimize the risk by using security methods that verify the system for inappropriate content.
Impersonation
When a password and user identifier control access to a computer system, the most common
method to gain access to the system is to impersonate an authorised user.
Impersonation in the workplace may be accomplished as easily as taking an authorised user's place
at an unattended terminal that has not been logged off. However, impersonation usually requires
that the intruder have access to two or three pieces of information:
Computer Virus
Minimize the risk of infection by incorporating virus scanning into the start-up of the computer
system and scanning any new software and files prior to use.