UnderGround Information














                BIBLIOGRAPHY OF COMPUTER SECURITY REPORTS
                       (1976 through 1988)

Note:  A bibliography is now being developed to encompass 1989.

 
                        AUTHORS SPECIFIED

                       ABUSE/MISUSE/CRIME

                                                            
          AUTHOR:  Burnham, B.W.                             
                                                            
          TITLE:  Virus Threat and Secure Code Distribution  
                                                            
          ORGANIZATION:  U.S. Department of Energy           
                                                            
          REPORT NO.:  DE85-009106/XAB                       
          PUBLICATION DATE:  1985                            
          CATEGORY:  Abuse/Misuse/Crime                      
         COST:  $9.95                                       
         DESCRIPTION:  This report discusses countermeasures
         that can be taken against virus programs in a      
         computer system. A virus program that relocates    
         itself in memory and might help in defeating       
         security measures.                                 
               

                                                           
          AUTHOR:   Ruder, Brian and Madden, J.D.            
                                                            
          TITLE:  An Analysis of Computer Security Safeguards
                 For Detecting and Preventing Intentional   
                 Computer Misuse                            
          ORGANIZATION:  National Institute of Standards and 
                        Technology                          
                                                            
          REPORT NO.:  500-25, Order # PB 275514             
          PUBLICATION DATE:  January 1978                    
          CATEGORY:  Abuse/Misuse/Crime                      
         COST:  $11.50                                      
         DESCRIPTION:  Discusses 88 computer security       
         safeguards and a model for evaluating safeguards as
         mechanisms for preventing misuse.                  
                

                         ACCESS CONTROL
                                                            
          AUTHOR:   Aiken, D.                                
                                                            
          TITLE:  Secure User Authentication in a Distributed
                 Computing Environment                      
                                                            
          ORGANIZATION:   U.S. Department of Energy/National 
                         Technical Information Service      
                                                            
          REPORT NO.:  DE86-002960                           
          PUBLICATION DATE:  October 1985                    
          CATEGORY:  Access Control                          
         COST:  $9.95                                       
         DESCRIPTION:  This report looks at a method for    
         user authentication in a distributed computing     
         system where information is protected from release,
         modification, and replay.                          

                                                           
          AUTHOR:   Arazi, Benjamin                          
                                                            
          TITLE:  Processing of Encrypted Commercial Data    
                                                     
                                                    
          ORGANIZATION:   National Research Institute for    
                         Mathematical Sciences              
                                                            
          REPORT NO.:  PB82-204306                           
          PUBLICATION DATE:  September 1981                  
          CATEGORY:  Access Control                          
         COST:  $9.95                                       
         DESCRIPTION:  Discusses an encryption scheme that  
         will help process encrypted commercial data.
  

                                                            
          AUTHOR:   Brickell, E.F.                           
                                                            
          TITLE:  New Knapsack-Based Cryptosystem            
                                                            
          ORGANIZATION:   National Technical Information     
                         Service                            
                                                            
          REPORT NO.:  DE83-011283                           
          PUBLICATION DATE:  1983                            
          CATEGORY:  Access Control                          
         COST:  $9.95                                       
         DESCRIPTION:  This paper presents a knapsack-based 
         cryptosystem that seems to be secure from attacks  
         that have violated other knapsack-based            
         cryptosystems.                                     
                  
                                                            
          AUTHOR:   Gait, Jason                              
                                                            
          TITLE:  Maintenance Testing for the Data Encryption
                 Standard                                   
                                                            
          ORGANIZATION:   National Institute of Standards and
                         Technology                         
                                                            
          REPORT NO.:  500-61, Order # PB 80221211           
          PUBLICATION DATE:  August 1980                     
          CATEGORY:  Access Control                          
         COST:  $8.50                                       
         DESCRIPTION:  Discusses four tests that users and
         manufacturers can use to check the operation of
         data encryption devices.

                                                            
          AUTHOR:   Gait, Jason                              
                                                            
          TITLE: Validating the Correctness of Hardware      
                Implementations of the NBS Data Encryption  
                Standard                                    
          ORGANIZATION:   National Institute of Standards and
                         Technology/ National Technical     
                         Information Service                
          REPORT NO.:  500-20 Order # PB 81113524            
          PUBLICATION DATE:  November 1977                   
          CATEGORY:  Access Control                          
         COST:  $8.50                                       
         DESCRIPTION:  The NBS testbed that is used for     
         validating the hardware implementations of the Data
         Encryption Standard (DES) is described.            
                    

                                                            
          AUTHOR:   Hartman, W.J.                            
                                                            
          TITLE:  A Critique of Some Public-Key Cryptosystems
                                                            
                                                            
          ORGANIZATION:   National Telecommunications and    
                         Information Administration         
                                                            
          REPORT NO.:  PB82-120270                           
          PUBLICATION DATE:  August 1981                     
          CATEGORY:  Access Control                          
         COST:  $11.95                                      
         DESCRIPTION:  Discusses several cryptosystems and  
         ways in which these systems can be attacked.       
         Examples of programs that attack cryptosystems are
         included.                                          

                                                            
          AUTHOR:   McClain, W.J.                            
                                                            
          TITLE:  Security of Distributed ADP Systems:       
                 Problems and Solutions                     
                                                            
          ORGANIZATION:   National Technical Information     
                         Service                            
                                                            
          REPORT NO.:  DE84-001585                           
          PUBLICATION DATE:  July 25, 1983                   
          CATEGORY:  Access Control                          
         COST:  $11.95                                      
         DESCRIPTION:  Discusses the challenge in keeping a 
         distributed network secure and suggests that the   
         tools required to keep a system safe will be       
         available in the near future.                      
               

                                                            
          AUTHOR:  Mullender, S.J. and Tanenbaum, A.S.       
                                                            
          TITLE:  Protection and Resource Control in         
                 Distributed Operating Systems              
                                                            
          ORGANIZATION:   National Technical Information     
                         Service                            
                                                            
          REPORT NO.:  PB85-201671/XAB                       
          PUBLICATION DATE:  March 1983                      
          CATEGORY:  Access Control                          
         COST:  $13.50                                      
         DESCRIPTION:  Discusses how a traditional object-  
         oriented system can be implemented on top of a     
         basic protection mechanism in local networks where 
         the computer cable has sockets in several rooms    
         through the building.                              
               
                                                         
          AUTHOR:  Nessett, D.M.                             
                                                            
          TITLE:  Factors Affecting Distributed System       
                 Security                                   
                                                            
          ORGANIZATION:   U.S. Department of Energy/National 
                         Technical Information Service      
                                                            
          REPORT NO.:  DE86-003483                           
          PUBLICATION DATE:  April 6, 1986                   
          CATEGORY:  Access Control                          
         COST:  $9.95                                       
         DESCRIPTION:  This report examines the requirements
         of distributed system security and critiques recent
         work in this field.                                
                     
                                                            
          AUTHOR:  Power, J.M. and Wilbur, S.R.              
                                                            
          TITLE:  Authentication in a Heterogeneous          
                 Environment                                
                                                            
          ORGANIZATION:   National Technical Information     
                         Service                            
                                                            
          REPORT NO.:  PB86-135522/XAB                       
          PUBLICATION DATE:  April 30, 1985                  
          CATEGORY:  Access Control                          
         COST:  $13.50                                      
         DESCRIPTION:  This report describes a way in which 
         authentication of users and servers of a computer  
         system can be accomplished. The method can be used 
         with simple processors or timesharing systems.     
            
                                                         
          AUTHOR:  Springer, E.                              
                                                            
          TITLE:  Current Status of Link Access Control and  
                 Encryption System                          
                                                            
          ORGANIZATION:   U.S. Department of Energy/ National
                         Technical Information Service      
                                                            
          REPORT NO.:  DE84-009604                           
          PUBLICATION DATE:  1984                            
          CATEGORY:  Access Control                          
         COST:  $9.95                                       
         DESCRIPTION:  This report is from a summary of the 
         proceedings of the DOE Computer Security Conference
         held on April 10, 1984. Discussed is a system that 
         protects unclassified sensitive data transmissions 
         over unprotected lines using a data encryption     
         standard.                                          

                                                       
          AUTHOR:  Wood, Helen                               
                                                            
          TITLE:  The Use of Passwords for Controlled Access 
                 to Computer Resources                      
                                                            
          ORGANIZATION:   National Institute of Standards and
                         Technology/National Technical      
                         Information Service                
          REPORT NO.:  500-9, Order # PB 266323              
          PUBLICATION DATE:  May 1977                        
          CATEGORY:  Access Control                          
         COST:  $10.00                                      
         DESCRIPTION:  Password schemes are analyzed         
         according to such things as lifetime and           
         information content. Cost considerations of        
         password schemes are also discussed.               
            

                     AUDIT AND EVALUATION

                                                            
          AUTHOR:  Bishop, M.                                
                                                            
          TITLE:  Analyzing the Security of an Existing      
                 Computer System                            
                                                            
          ORGANIZATION:   National Aeronautics and Space     
                         Administration                     
                                                            
          REPORT NO.:  N86-33029/7/XAB                       
          PUBLICATION DATE:  May 1986                        
          CATEGORY:  Audit and Evaluation                    
         COST:  $9.95                                       
         DESCRIPTION:  This report examines ways to locate   
         security problems in existing computer systems by  
         serving as a basis for conducting thought          
         experiments.                                       
  
                                                       
          AUTHOR:  Ruthberg, Zella G. Edited by              
                                                            
          TITLE:  Audit and Evaluation of Computer Security  
                 II: System Vulnerabilities and Controls    
                                                            
          ORGANIZATION:   National Institute of Standards and
                         Technology                         
                                                            
          REPORT NO.:  500-57, Order # SN 003-003-02178-4    
          PUBLICATION DATE:  April 1980                      
          CATEGORY:  Audit and Evaluation                    
         COST:  $7.00                                       
         DESCRIPTION:  This report discusses the NBS/GAO     
         workshop on developing improved computer security  
         auditing procedures.                               
           


                      CONTINGENCY PLANNING
                                                            
          AUTHOR:  Isaac, Irene                              
                                                            
          TITLE:  Guide on Selecting ADP Backup Processing   
                 Alternatives                               
                                                            
          ORGANIZATION:   National Institute of Standards and
                         Technology/U.S. Department of      
                         Commerce                           
          REPORT NO.: 500-134, Order # SN 003-003-02723-5    
          PUBLICATION DATE: May 1986                         
          CATEGORY:  Contingency Planning                    
         COST:  $3.75                                       
         DESCRIPTION:  Addresses the issue of selecting ADP  
         backup processing support before the need actually 
         occurs. Alternative processing methods are         
         described along with a way to pick the best method.
              
                        
                          GENERAL SECURITY

                                                           
          AUTHOR:  Berting, F.M.                             
                                                            
          TITLE:  Fundamentals of Computer Security          
                                                            
                                                            
          ORGANIZATION:   U.S. Department of Energy/ National
                         Technical Information Service      
                                                            
          REPORT NO.:  DE84-011476                           
          PUBLICATION DATE:  April 4, 1984                   
          CATEGORY:  General Security                        
         COST: $9.95                                        
         DESCRIPTION:  This report addresses the need for    
         protective measures against accidental or malicious
         harm done to computers by people.                  
                  

                                                            
          AUTHOR:   Edgar, Mallory F.                        
                                                            
          TITLE:  Automated Information Systems (AIS)        
                 Security                                   
                                                            
          ORGANIZATION:   American Defense Preparedness      
                         Association                        
                                                            
          REPORT NO.:  None Specified                        
          PUBLICATION DATE:  August 8, 1987                  
          CATEGORY:  General Security                        
         COST: Free                                         
         DESCRIPTION:  This report examines past and        
         current events affecting AIS security on a         
         national level.                                    

                                                           
          AUTHOR:  Kovach, R.D., Bolczak, R., and            
                  Tompkins, F.G.                            
          TITLE:  Model Set of Security Requirements for     
                 Procuring and Implementing Transaction
                 Processing Systems                         
          ORGANIZATION:   National Technical Information     
                         Service                            
                                                            
          REPORT NO.:  PB86-119989/LP                        
          PUBLICATION DATE:  January 1985                    
          CATEGORY:  General Security                        
         COST:  $13.95                                      
         DESCRIPTION:  This document helps establish a       
         security baseline for obtaining data processing    
         services from a contractor.                        
              

                                                            
          AUTHOR:   McLoughlin, Glenn J.                     
                                                            
          TITLE:  Computer Crime and Security                
                                                            
                                                            
          ORGANIZATION:  Congressional Research Service,
                        U.S. Congress                       
                                                            
          REPORT NO.:  Order Code IB85155                    
          PUBLICATION DATE:  April 10, 1987                  
          CATEGORY:  General Security                        
         COST:  Free                                        
         DESCRIPTION:  This report examines the threat of
         entering systems and damaging or stealing data,
         the role of the federal government in defining
         "computer crime" and "authorized access", and
         whether federal protection should be extended
         into both the private and federal sectors.

                                                            
          AUTHOR:   McLoughlin, Glenn J.                     
                                                            
          TITLE:   Computer Security Issues:  The Computer   
                  Security Act of 1987                      
                                                            
          ORGANIZATION:  Congressional Research Service,     
                        U.S. Congress                       
                                                            
          REPORT NO.:  Order Code IB87164                    
          PUBLICATION DATE:  February 9, 1988                
          CATEGORY:  General Security                        
         COST: Free                                         
         DESCRIPTION:  This report discusses the current    
         federal role in computer security and the Computer
         Security Act of 1987.

                                                            
          AUTHOR:  Popek, G.J.                               
                                                            
          TITLE:  Secure Reliable Processing Systems         
                                                            
                                                            
          ORGANIZATION:   National Technical Information     
                         Service                            
                                                            
          REPORT NO.:  AD-A140 150/4                         
          PUBLICATION DATE:  February 21, 1984               
          CATEGORY:  General Security                        
         COST: $18.95                                       
         DESCRIPTION:  This report, technical in nature,     
         examines research done at UCLA that focused on     
         computer security and distributed computer systems 
         including networks, operating systems, and data    
         management.                                        
            

                                                           
          AUTHOR:  Story, Frank                              
                                                            
          TITLE:  ADP Security: Executive Training           
                                                            
                                                            
          ORGANIZATION:   Kaiser Engineers Hanford           
                         Contact: Frank Story, IS Manager   
                                                            
          REPORT NO.:                                        
          PUBLICATION DATE:  1987                            
          CATEGORY:  General Security                        
         COST:                                              
         DESCRIPTION:  This is a copy of material            
         distributed at the May 1987 Computer Security      
         Conference in Albuquerque, NM. Includes reasons for
         computer crime, the computer criminal profile, and 
         computer security emphasis items.                  
                

                         LAW AND ETHICS
                                                           
          AUTHOR:  Bailey, D.                                
                                                            
          TITLE:  Attacks on Computers: Congressional        
                 Hearings and Pending Legislation           
                                                            
          ORGANIZATION:  National Technical Information      
                        Service                             
                                                            
          REPORT NO.:  DE84-007468                           
          PUBLICATION DATE:  April 30, 1984                  
          CATEGORY:  Law and Ethics                          
         COST: $6.50                                        
         DESCRIPTION:  This report is a summary of the       
         hearings of the 98th Congress, First Session that  
         dealt with the introduction of six bills on        
         computer security. Also summarized are computer    
         crime bills that were pending.                     
                


                     MICROCOMPUTER SECURITY

                                                           
          AUTHOR:  Steinauer, Dennis D.                      
                                                            
          TITLE:  Security of Personal Computer Systems: A   
                 Management Guide                           
                                                            
          ORGANIZATION:   National Institute of Standards and
                         Technology                         
                                                            
          REPORT NO.: 500-120. Order # SN 003-003-02627-0    
          PUBLICATION DATE:  January 1985                    
          CATEGORY:  Microcomputer Security                  
         COST: $3.00                                        
         DESCRIPTION:  This publication is intended for      
         managers and users of small systems. Advice is     
         given concerning the physical protection of a      
         system as well as the protection of software and   
         data.                                              
              
                            PRIVACY
                                                            
          AUTHOR:  Goldstein, Robert and Seward, Henry       
                                                            
          TITLE:  A Computer Model to Determine Low Cost     
                 Techniques to Comply with the Privacy Act  
                 of 1974                                    
          ORGANIZATION:   National Institute of Standards and
                         Technology/National Technical      
                         Information Service                
          REPORT NO.: 76-985 Order # PB 250755               
          PUBLICATION DATE:  February 1976                   
          CATEGORY:  Privacy                                 
         COST: $10.00                                       
         DESCRIPTION:  This report gives a computer model    
         that simulates the cost of implementing the Privacy
         Act using alternative approaches for applying      
         safeguards. The computer model can be changed to   
         show varying circumstances.                        

                                                      
          AUTHOR:  Moore, Gwendolyn, Kuhns, John,            
                  Treffzs, Jeffrey and Montgomery, Christine
          TITLE:  Accessing Individual Records from Personal 
                 Data Files Using Nonunique Identifiers     
                                                            
          ORGANIZATION:   U.S. Department of Commerce /      
                         National Technical Information     
                         Service                            
          REPORT NO.:  500-2, Order # PB 263176              
          PUBLICATION DATE:  February 1977                   
          CATEGORY:  Privacy                                 
         COST: $19.00                                       
         DESCRIPTION:  This report analyzes ways for         
         retrieving personal information using identifiers  
         such as name, address, etc. Shows the accuracy of  
         various methods.                                   
                  
                          RISK MANAGEMENT
                                                            
          AUTHOR:  Baker, A.L.                               
                                                            
          TITLE:  Application of Risk Assessment             
                                                            
                                                            
          ORGANIZATION:   U.S. Department of Energy/ National
                         Technical Information Service      
                                                            
          REPORT NO.:  DE83-001983                           
          PUBLICATION DATE:  1982                            
          CATEGORY:  Risk Management                         
         COST: $9.95                                        
         DESCRIPTION:  This report describes the results of  
         the program that was initiated to provide tools to 
         DOE facilities for use in complying with guidelines
         concerning risk assessment.                        
                  
                                                        
          AUTHOR:  Corynen, G.C.                             
                                                            
          TITLE:  Methodology for Assessing the Security     
                 Risks Associated with Computer Sites and   
                 Networks                                   
          ORGANIZATION:   National Technical Information     
                         Service                            
                                                            
          REPORT NO.:  DE82-019806                           
          PUBLICATION DATE:  June 23, 1982                   
          CATEGORY:  Risk Management                         
         COST: $13.95                                       
         DESCRIPTION:  This report presents a methodology    
         that managers can use to assess the security risks 
         of a computer complex by emphasizing the need for  
         determination of harms to a system.                
            

                                                         
          AUTHOR:  Neugent, William, Gilligan, John,         
                  Hoffman, Lance and Ruthberg, Zella G.     
          TITLE:  Technology Assessment: Methods for         
                 Measuring the Level of Computer Security   
                                                            
          ORGANIZATION:  U.S. Department of Commerce/National
                        Institute of Standards and          
                        Technology                          
          REPORT NO.:  500-133 Order # SN 003-003-02686-7    
          PUBLICATION DATE:  October 10, 1985                
          CATEGORY:  Risk Management                         
         COST: $8.00                                        
         DESCRIPTION:  This technology assessment provides   
         an evaluation of methods for measuring the level of
         computer security in computer applications,        
         systems, and installations.                        

                                                            
          AUTHOR:  Smith, S.T. and Lim, J.J.                 
                                                            
          TITLE:  Framework for Generating Expert Systems to 
                 Perform Computer Security Risk Analysis    
                                                            
          ORGANIZATION:  U.S. Department of Energy/National  
                        Technical Information Service       
                                                            
          REPORT NO.:  DE85-01434/XAB                        
          PUBLICATION DATE:  1985                            
          CATEGORY:  Risk Management                         
         COST: $9.95                                        
         DESCRIPTION:  This report discusses physical and    
         electronic security. It looks at natural hazards,  
         direct human actions, and indirect human actions   
         such as a breach of security by an unauthorized
         person.
                   

                       SECURITY MANAGEMENT

                                                           
          AUTHOR:  Helling, William D.                       
                                                            
          TITLE:  Computer Security for the Computer Systems 
                 Manager                                    
                                                            
          ORGANIZATION:   National Technical Information     
                         Service                            
                                                            
          REPORT NO.:  AD-A126 768/1                         
          PUBLICATION DATE:  December 1982                   
          CATEGORY:  Security Management                     
         COST: $13.95                                       
         DESCRIPTION:  This report discusses basic concepts  
         of computer security and risk analysis for
         computer systems managers. Countermeasures against
         computer problems are also presented.              
                  
                                                            
          AUTHOR:  McCann, S. Anthony & Kusserow, Richard P. 
                  Co-Project Managers                       
                                                            
          TITLE:  Model Framework For Management Control     
                 Over Automated Information Systems         
                                                            
          ORGANIZATION:  President's Council on Management   
                        Improvement and the President's     
                        Council on Integrity and Efficiency 
                                                            
          PUBLICATION DATE:  August 1987                     
          CATEGORY:  Security Management                     
         COST: Free                                         
         DESCRIPTION:  This report synthesizes for managers
         the multitude of directives which contain
         overlapping and sometimes confusing guidance on how
         to protect automated information system operations.


             SOFTWARE AND OPERATING SYSTEM SECURITY
                                                           
          AUTHOR:  Gosler, J.R.                              
                                                            
          TITLE:  Software Protection: Myth or Reality       
                                                            
                                                            
          ORGANIZATION:   U.S. Department of Energy/ National
                         Technical Information Service      
                                                            
          REPORT NO.:  DE86-003719/XAB                       
          PUBLICATION DATE:  November 1, 1985                
          CATEGORY:  Software and Operating System Security  
         COST: $9.95                                        
         DESCRIPTION: This paper looks at the advantages and 
         disadvantages of various technologies employed in  
         protection schemes for software.                   
                     
                                                           
          AUTHOR:  Landwehr, Carl E.                         
                                                            
          TITLE:  Best Available Technologies (BAT) for
                 Computer Security                          
                                                            
          ORGANIZATION:  Naval Research Laboratory/ National 
                        Technical Information Service       
                                                            
          REPORT NO.: AD-A109 189/1                          
          PUBLICATION DATE: December 21, 1981                
          CATEGORY:  Software and Operating System Security  
         COST:  $11.95                                      
         DESCRIPTION:  This report is aimed at the developer 
         of secure software computer systems and makes      
         suggestions about the design of these systems.     
         Summarized are several specific techniques and     
         applications.                                      
                     
                                                            
          AUTHOR:  Linden, Theodore                          
                                                            
          TITLE:   Operating Systems Structures to Support   
                  Security and Reliable Software            
                                                            
          ORGANIZATION:  National Institute of Standards and 
                        Technology/National Technical       
                        Information Service                 
          REPORT NO.: Tech. Note 919, Order # PB 257421
          PUBLICATION DATE:   August 1976                    
          CATEGORY:  Software and Operating System Security  
         COST: $10.00                                       
         DESCRIPTION:  This report looks at two system       
         structuring techniques that will help in developing
         a secure computer system.                          
        
                                                            
          AUTHOR:  Rushby, J.M. and Randell, B.              
                                                            
          TITLE:  Distributed Secure System                  
                                                            
                                                            
          ORGANIZATION:  National Technical Information      
                        Service                             
                                                            
          REPORT NO.:  PB84-141126                           
          PUBLICATION DATE:  1982                            
          CATEGORY:  Software and Operating System Security  
         COST: $13.50                                       
         DESCRIPTION: This report, in tutorial detail, talks 
         about the design of a distributed computing UNIX   
         system that helps impose a multilevel security     
         policy.                                            
                 

                      AUTHORS NOT SPECIFIED

                       ABUSE/MISUSE/CRIME

                                                           
          AUTHOR:   Not Specified                            
                                                            
          TITLE:  Federal Information Systems Remain Highly  
                 Vulnerable to Fraudulent, Wasteful,        
                 Abusive, and Illegal Practices             
                                                            
          ORGANIZATION:  U.S. General Accounting Office
                                                            
          REPORT NO.:  MASAD-82-18                           
          PUBLICATION DATE: April 21, 1982                   
          CATEGORY:   Abuse/Misuse/Crime                     
         COST: Free (if less than 5 ordered)                
         DESCRIPTION:  This report concludes that inadequate
         protection over computers and networks leaves
         systems vulnerable to fraudulent, wasteful, and
         illegal purposes.
                     

                         ACCESS CONTROL
                                                            
          AUTHOR:   Not Specified                            
                                                            
          TITLE:  Defending Secrets, Sharing Data, New Locks 
                 and Keys for Electronic Information
                                                            
          ORGANIZATION: Office of Technology Assessment,
                       U.S. Congress                        
          REPORT NO.:                                        
          PUBLICATION DATE:  1987                            
          CATEGORY:   Access Control                         
         COST:  $8.50                                       
         DESCRIPTION:  Examines the vulnerability of        
         communications and computer systems and the trends 
         in technology for safeguarding information in these
         systems.                                           


                      AUDIT AND EVALUATION
                                                            
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  Federal Agencies Still Need To Develop     
                 Greater Computer Audit Capabilities        
                                                            
          ORGANIZATION:  U.S. General Accounting Office      
                                                            
          REPORT NO.:  AFMD-82-7                             
          PUBLICATION DATE:  October 16, 1981                
          CATEGORY:  Audit and Evaluation                    
         COST: Free (if less than 5 ordered)                
         DESCRIPTION: This report focuses on the progress by 
         both the Federal Inspector General and internal    
         audit organizations in reaching their computer     
         audit requirements. Included are recommendations   
         for identifying and meeting the necessary auditing 
         needs.                                             
              
                                                           
          AUTHOR:   Not Specified                            
                                                            
          TITLE:  Flaws in Controls Over The Supplemental    
                 Security Income Computerized System Causes 
                 Millions in Erroneous Payments             
          ORGANIZATION:  U.S. General Accounting Office,     
                        P.O. Box 6015                       
                        Gaithersburg, MD 20877              
                        (202) 275-6241                      
          REPORT NO.:  HRD-79-104                            
          PUBLICATION DATE:  August 9, 1979                  
          CATEGORY: Audit and Evaluation                     
         COST:  Free (if less than 5 ordered)               
         DESCRIPTION: This report describes how federal     
         automated information systems with inadequate      
         security controls are vulnerable to mission        
         impairments.                                       

                                                           
          AUTHOR:   Not Specified                            
                                                            
          TITLE:  Information Systems: Agencies Overlook     
                 Security Controls During Development       
                                                            
          ORGANIZATION:  U.S. General Accounting Office,     
                        P.O. Box 6015                       
                        Gaithersburg, MD 20877              
                        (202) 275-6241                      
          REPORT NO.:  GAO/IMTEC-88-11                       
          PUBLICATION DATE:  May 31, 1988                    
          CATEGORY:  Audit and Evaluation                    
         COST:  Free (if less than 5 ordered)               
         DESCRIPTION:  This report shows that some agencies
         were not meeting federal criteria and good system
         development practices for providing reasonable     
         assurance that appropriate security controls were  
         incorporated into their automated information      
         systems.                                           

                                                            
          AUTHOR:   Not Specified                            
                                                            
          TITLE:   Information Systems: Security in Federal  
                  Civilian Agencies                         
                                                            
          ORGANIZATION:  U.S. General Accounting Office,     
                        U.S. Congress                       
                                                            
          REPORT NO.:  GAO/T-IMTEC-87-7                      
          PUBLICATION DATE:  May 19, 1987                    
          CATEGORY:  Audit and Evaluation                    
         COST:  Free (if less than 5 ordered)               
         DESCRIPTION: This report provides a review of the  
         practices used by federal civilian agencies in     
         identifying and incorporating appropriate security 
         controls in automated information systems.         

                                                     
          AUTHOR:   Not Specified                            
                                                            
          TITLE:  Weak Financial Controls Make The Community 
                 Services Administration Vulnerable to      
                 Fraud and Abuse                            
                                                            
          ORGANIZATION:  U.S. General Accounting Office,     
                        P.O. Box 6015                       
                        Gaithersburg, MD 20877              
                        (202) 275-6241                      
          REPORT NO.:  FGMSD-80-73                           
          PUBLICATION DATE:  August 22, 1980                 
          CATEGORY:   Audit and Evaluation                   
         COST: Free (if less than 5 ordered)                
         DESCRIPTION:  This report shows how computer
         security weaknesses make the Community Services
         Administration exceedingly vulnerable to fraud and
         abuse.

                        GENERAL SECURITY

                                                           
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  ADP and Telecommunications                 
                                                            
                                                            
          ORGANIZATION:  General Services Administration/    
                        Government Services Administration  
                                                            
          REPORT NO.:  GSA Bulletin FPMR F-148               
          PUBLICATION DATE:  January 10, 1983                
          CATEGORY:  General Security                        
         COST:                                              
         DESCRIPTION: Computer security publications that    
         have been used in developing ADP security          
         management programs are listed in this bulletin.   


                                                            
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  Center for Computer Security: Computer     
                 Security Group Conference                  
                                                            
          ORGANIZATION:  National Technical Information      
                        Service                             
                                                            
          REPORT NO.:  DE84-012992                           
          PUBLICATION DATE:  June 1982                       
          CATEGORY:  General Security                        
         COST:  $11.95                                      
         DESCRIPTION: This report comes from a conference on 
         computer security and covers various security      
         issues including security management,              
         certification, risk analysis, contingency planning,
         and other related topics.                          
             
                                                            
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  Computer Security Models                   
                                                            
                                                            
          ORGANIZATION:  National Technical Information      
                        Service                             
                                                            
          REPORT NO.:  ADA 166 920/LP                        
          PUBLICATION DATE:  September 1984                  
          CATEGORY:  General Security                        
         COST:  $13.95                                      
         DESCRIPTION: This report provides a basis for       
         evaluating security models as they relate to secure
         computer system development. Included is a summary 
         of existing models plus some general considerations
         when designing and using security models.          

                                                            
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  Glossary for Computer Systems Security     
                                                            
                                                            
          ORGANIZATION:  U.S. Department of Commerce /       
                        National Technical Information      
                        Service                             
          REPORT NO.:  FIPS PUB 39                           
          PUBLICATION DATE:  February 1984                   
          CATEGORY:  General Security                        
         COST:  $7.00                                       
         DESCRIPTION: This glossary contains approximately   
         170 computer security terms and definitions.       

                                                            
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  Security of Automated Information Systems  
                                                            
          ORGANIZATION:  U.S. Nuclear Regulatory Commission  
                                                            
          REPORT NO.:  NRC Appendix 2301, Part II            
          PUBLICATION DATE:  July 25, 1985                   
          CATEGORY:  General Security                        
         COST:  $3.20                                       
         DESCRIPTION: This report applies to NRC or NRC      
         contractors that have computer centers, personal   
         computers, or sensitive application systems that   
         process unclassified sensitive data.               
            
                                                            
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  Trusted Computer Systems - Glossary        
                                                            
          ORGANIZATION:  National Technical Information      
                        Service                             
          REPORT NO.:  ADA 108 829/LP                        
          PUBLICATION DATE:  March 1981                      
          CATEGORY:  General Security                        
         COST:  $9.95                                       
         DESCRIPTION: This glossary emphasizes terms that    
         relate to the formal specification and verification
         of trusted computer systems.                       
               

                     MICROCOMPUTER SECURITY

                                                         
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  PC Security Considerations                 
                                                            
          ORGANIZATION:  Government Printing Office, Contact:
                        Superintendent of Documents         
          REPORT NO.:  GPO Stock # 008-000-00439-1           
          PUBLICATION DATE:  1985                            
          CATEGORY:  Microcomputer Security                  
         COST:  $1.00                                       
         DESCRIPTION: This report provides a general         
         discussion of a number of issues that are          
         pertinent to microcomputer security in the home    
         and business environment.                          
                


                 PHYSICAL SECURITY AND HARDWARE
                                                        
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  Computer Surety - Computer System          
                 Inspection Guidance                        
          ORGANIZATION:  Lawrence Livermore National         
                        Laboratory/U.S. Nuclear Regulatory  
                        Commission                          
          REPORT NO.:  NUREG/CR-2288                         
          PUBLICATION DATE:  March 1983                      
          CATEGORY:  Physical Security and Hardware          
         COST:  $10.00                                      
         DESCRIPTION:  Details inspection methods for the    
         Physical Protection Project by the U.S. NRC from   
         the perspective of the physical protection         
         inspectors. Includes glossary of computer terms    
         along with threats and computer vulnerabilities.   
               
                         RISK MANAGEMENT

                                                          
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  Technical Risk Assessment - The Status of  
                 Current DOD Efforts                        
          ORGANIZATION:  U.S. General Accounting Office      
                                                            
                                                            
          REPORT NO.:  PEMD-86-5                             
          PUBLICATION DATE:  April 3, 1986                   
          CATEGORY:  Risk Management                         
         COST:  Free (if less than 5 ordered)               
         DESCRIPTION:  This report offers six                
         recommendations concerning basic risk assessment   
         concepts, policies, and procedures for the         
         Department of Defense.                             
                   

                       SECURITY MANAGEMENT

                                                          
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  Government-Wide Guidelines and Management  
                 Assistance Center Needed to Improve ADP    
                 Systems Development                        
          ORGANIZATION:  U.S. General Accounting Office      
                                                            
          REPORT NO.:  AFMD-81-20                            
          PUBLICATION DATE:  February 20, 1981               
          CATEGORY:  Security Management                     
         COST:  Free (if less than 5 ordered)               
         DESCRIPTION:  This document suggests a framework of
         procedures for managing systems development and    
         reiterates the need for a management assistance    
         center for computer software and systems           
         development.                                       

                                                            
          AUTHOR:   Not Specified                            
                                                            
          TITLE:   Management, Security, and Congressional   
                  Oversight                                 
                                                            
          ORGANIZATION:  Government Printing Office, Contact:
                        Superintendent of Documents         
                                                            
          REPORT NO.:  OTA-CIT-297                           
          PUBLICATION DATE:  February 1986                   
          CATEGORY:  Security Management                     
         COST:  Free (if less than 5 ordered)               
         DESCRIPTION:  This report is a review, made by the
         Office of Technology Assessment in 1986, of 142
         agency components, finding similar weaknesses in
         information security controls and management
         practices.

                                                            
          AUTHOR:   Not Specified                            
                                                            
          TITLE:    Solving Social Security's Computer       
                   Problems: Comprehensive Corrective       
                   Action Plan & Better Management Needed   
          ORGANIZATION:  U.S. General Accounting Office,     
                        U.S. Congress                       
                                                            
          REPORT NO.:  HRD-82-19                             
          PUBLICATION DATE:  December 10, 1981               
          CATEGORY:  Security Management                     
         COST: Free (if less than 5 ordered)                
         DESCRIPTION:  This report describes how flaws in
         controls in systems used by the Social Security    
         Administration caused millions of dollars in       
         erroneous payments.                                


             SOFTWARE AND OPERATING SYSTEM SECURITY

                                                          
          AUTHOR:  Not Specified                             
                                                            
          TITLE:  An Approach to Determining Computer        
                 Security Requirements for Navy Systems     
                                                            
          ORGANIZATION:  Naval Research Laboratory / Defense 
                        Technical Information Center        
          REPORT NO.:  ADA 155750                            
          PUBLICATION DATE:                                  
          CATEGORY:  Software and Operating System Security  
         COST:  $5.00                                       
         DESCRIPTION:  This report shows how to meet a       
         particular requirement level as defined in the DOD 
         trusted computer evaluation criteria by proposing  
         a technique for mapping a specific system          
         architecture and application environment.