The National Bureau of Standards, with the support of the U.S. General Accounting Office, sponsored a second invitational workshop on computer security audit, entitled "Audit and Evaluation of Computer Security II: System Vulnerabilities and Controls," In Miami Beach, Florida, on November 28-30, 1978. A cross-section of highly qualified people In the computer science and EDP audit fields was assembled to develop material that would be directly usable for a Federal Information Processing Standard (FTPS) Guideline on the subject. Tn order to cover the material in a systematic fashion, the workshop was partitioned into three management sessions and five technical sessions. The management sessions addressed Managerial and Organizational Vulnerabilities and Controls at the Staff Level (1 session) and the Line Level (2 sessions). The technical sessions addressed vulnerabilities and controls in the areas of Terminal and Remote Peripherals, Communication Components, Operating Systems, Applications and Non- Integrated Data Files, and Data Base/ Data Base Management Systems. These Proceedings are the reports developed by the eight sessions of the workshop.
The National Bureau of Standards, with the support of the U.S. General Accounting Office, sponsored a second invitational workshop on computer security audit, entitled "Audit and Evaluation of Computer Security II: System Vulnerabilities and Controls," In Miami Beach, Florida, on November 28-30,...
See full abstract
The National Bureau of Standards, with the support of the U.S. General Accounting Office, sponsored a second invitational workshop on computer security audit, entitled "Audit and Evaluation of Computer Security II: System Vulnerabilities and Controls," In Miami Beach, Florida, on November 28-30, 1978. A cross-section of highly qualified people In the computer science and EDP audit fields was assembled to develop material that would be directly usable for a Federal Information Processing Standard (FTPS) Guideline on the subject. Tn order to cover the material in a systematic fashion, the workshop was partitioned into three management sessions and five technical sessions. The management sessions addressed Managerial and Organizational Vulnerabilities and Controls at the Staff Level (1 session) and the Line Level (2 sessions). The technical sessions addressed vulnerabilities and controls in the areas of Terminal and Remote Peripherals, Communication Components, Operating Systems, Applications and Non- Integrated Data Files, and Data Base/ Data Base Management Systems. These Proceedings are the reports developed by the eight sessions of the workshop.
Hide full abstract
Keywords
applications controls; computer vulnerabilities; data base controls; data base management systems controls; EDP audit; internal audit; operating system controls; system controls; system vulnerabilities; terminal controls