
Practical computer security: Shopping for computer security

SHOPPING FOR COMPUTER SECURITY

According to the US Department of Justice and numerous security experts, the electronic office is becoming almost as likely a target of criminal activity as the convenience store around the corner. It seems that microcomputers, word processors, and electronic message systems make for easy pickings indeed. As the threat of criminal trespass, theft, fraud, vandalism, and other forms of abuse escalates, so do efforts

Certainly, there is no shortage of security systems from which to choose. At a recent security conference in San Antonio, Texas, more than 200 vendors of security-related products gathered to display their wares. But there is more to shopping for the right high tech security system than merely wandering around the booths or thumbing through the catalogue pages to pick out a product that appears to meet a user's immediate needs. Something the vendors never talk about - and that users would do well to consider - is the legal climate in which computer security systems must operate. However, to get the maximum for his investment, without getting sued, there are three things a user must keep in mind from the start when shopping for a computer security system:

• Defining the threat. A user must have a clear picture of the types of crimes he is trying to protect his system against.

• Need for flexibility. The security system the user selects must be versatile enough to adapt to a constantly changing environment.

• Legal concerns. A user must ensure that the security system complies with the laws and regulations of the environment in which it operates.

A careful assessment of the nature of the threat that the system will probably face should define the type of security one ultimately selects for his computer and related equipment. This entails addressing the following concerns:

• Who are the criminals, how sophisticated are they, and what kinds of crimes might they commit against a computer.

• What kinds of losses (e.g., data, assets, etc.) would a user face if the system's safeguards were circumvented.

• Does the security system address both internal and external threats.

• Will a user's employees be receptive to using the safeguards once they are in place.

• How sophisticated must the staff be to use the safeguards effectively.

• How much training will be needed by the user's staff to use the security system, and what will it cost.

• What will the security system actually cost once it is integrated into the user's existing computer operations.

• Can someone else with the same type of system bypass the user's safeguards.

After a user has delineated the kinds of threats he is dealing with, it is time to analyse the system itself. For example:

• Can it readily handle changes in the modus operandi of the criminal, as well as changes in the user's business environment.

• Is the system's technology designed for the long haul, or will it become obsolete in a brief period.

• If the user decides to expand the system, will compatible equipment be readily available.

• Will the security system be uncomplicated and inexpensive to service and maintain.

The legal environment in which the security system will operate is something that eager users often tend to overlook. But failing to address the legal concerns could pose a problem for a user. For example:

• Does the system comply with both existing laws and regulations, specifically those dealing with privacy.

• Is the vendor of the system involved in any patent-related litigation that could also involve or impact on the user.

• What are the system's warranty provisions; further, do they give the user enough legal safeguards.

• What type of maintenance contract is the vendor prepared to offer.

• Is the vendor the subject of any litigation or government enforcement action.

• Are there any legal governmental restrictions on the use of the system.

• Does use of the system violate any existing agreements a user may have. (For example, some collective bargaining agreements place restrictions on the use of biometric security systems.)

• Could the system be a source of litigation involving problems related to employee harassment, privacy or health.

• Does the system comply with minimum government or industry security standards.

The above constitutes merely some of the concerns that should be addressed by a user as well as legal counsel who advises that user when shopping for security.

August Bequai Attorney, Report Correspondent
