UnderGround Information
UnderGround Information
BIBLIOGRAPHY OF COMPUTER SECURITY REPORTS
(1976 through 1988)
Note: A bibliography is now being developed to encompass 1989.
AUTHORS SPECIFIED
ABUSE/MISUSE/CRIME
AUTHOR: Burnham, B.W.
TITLE: Virus Threat and Secure Code Distribution
ORGANIZATION: U.S. Department of Energy
REPORT NO.: DE85-009106/XAB
PUBLICATION DATE: 1985
CATEGORY: Abuse/Misuse/Crime
COST: $9.95
DESCRIPTION: This report discusses countermeasures
that can be taken against virus programs in a
computer system. A virus program that relocates
itself in memory and might help in defeating
security measures.
AUTHOR: Ruder, Brian and Madden, J.D.
TITLE: An Analysis of Computer Security Safeguards
For Detecting and Preventing Intentional
Computer Misuse
ORGANIZATION: National Institute of Standards and
Technology
REPORT NO.: 500-25, Order # PB 275514
PUBLICATION DATE: January 1978
CATEGORY: Abuse/Misuse/Crime
COST: $11.50
DESCRIPTION: Discusses 88 computer security
safeguards and a model for evaluating safeguards as
mechanisms for preventing misuse.
ACCESS CONTROL
AUTHOR: Aiken, D.
TITLE: Secure User Authentication in a Distributed
Computing Environment
ORGANIZATION: U.S. Department of Energy/National
Technical Information Service
REPORT NO.: DE86-002960
PUBLICATION DATE: October 1985
CATEGORY: Access Control
COST: $9.95
DESCRIPTION: This report looks at a method for
user authentication in a distributed computing
system where information is protected from release,
modification, and replay.
AUTHOR: Arazi, Benjamin
TITLE: Processing of Encrypted Commercial Data
ORGANIZATION: National Research Institute for
Mathematical Sciences
REPORT NO.: PB82-204306
PUBLICATION DATE: September 1981
CATEGORY: Access Control
COST: $9.95
DESCRIPTION: Discusses an encryption scheme that
will help process encrytped commercial data.
AUTHOR: Brickell, E.F.
TITLE: New Knapsack-Based Cryptosystem
ORGANIZATION: National Technical Information
Service
REPORT NO.: DE83-011283
PUBLICATION DATE: 1983
CATEGORY: Access Control
COST: $9.95
DESCRIPTION: This paper presents a knapsack-based
cryptosystem that seems to be secure from attacks
that have violated other knapsack-based
cryptosystems.
AUTHOR: Gait, Jason
TITLE: Maintenance Testing for the Data Encryption
Standard
ORGANIZATION: National Institute of Standards and
Technology
REPORT NO.: 500-61, Order # PB 80221211
PUBLICATION DATE: August 1980
CATEGORY: Access Control
COST: $8.50
DESCRIPTION: Discusses four test that users and
manufactures can use to check the operation of data
encryption devices.
AUTHOR: Gait, Jason
TITLE: Validating the Correctness of Hardware
Implementations of the NBS Data Encryption
Standard
ORGANIZATION: National Institute of Standards and
Technology/ National Technical
Information Service
REPORT NO.: 500-20 Order # PB 81113524
PUBLICATION DATE: November 1977
CATEGORY: Access Control
COST: $8.50
DESCRIPTION: The NBS testbed that is used for
validating the hardware implementations of the Data
Encryption Standard (DES) is described.
AUTHOR: Hartman, W.J.
TITLE: A Critique of Some Public-Key Cryptosystems
ORGANIZATION: National Telecommunications and
Information Administration
REPORT NO.: PB82-120270
PUBLICATION DATE: August 1981
CATEGORY: Access Control
COST: $11.95
DESCRIPTION: Discusses several cryptosystems and
ways in which these systems can be attacked.
examples of programs that attack cryptosystems are
included.
AUTHOR: McClain, W.J.
TITLE: Security of Distributed ADP Systems:
Problems and Solutions
ORGANIZATION: National Technical Information
Service
REPORT NO.: DE84-001585
PUBLICATION DATE: July 25, 1983
CATEGORY: Access Control
COST: $11.95
DESCRIPTION: Discusses the challenge in keeping a
distributed network secure and suggests that the
tools required to keep a system safe will be
available in the near future.
AUTHOR: Mullender, S.J. and Tanenbaum, A.S.
TITLE: Protection and Resource Control in
Distributed Operating Systems
ORGANIZATION: National Technical Information
Service
REPORT NO.: PB85-201671/XAB
PUBLICATION DATE: March 1983
CATEGORY: Access Control
COST: $13.50
DESCRIPTION: Discusses how a traditional object-
oriented system can be implemented on top of a
basic protection mechanism in local networks where
the computer cable has sockets in several rooms
through the building.
AUTHOR: Nessett, D.M.
TITLE: Factors Affecting Distributed System
Security
ORGANIZATION: U.S. Department of Energy/National
Technical Information Service
REPORT NO.: DE86-003483
PUBLICATION DATE: April 6, 1986
CATEGORY: Access Control
COST: $9.95
DESCRIPTION: This report examines the requirements
of distributed system security and critiques recent
work in this field.
AUTHOR: Power, J.M. and Wilbur, S.R.
TITLE: Authentication in a Heterogeneous
Environment
ORGANIZATION: National Technical Information
Service
REPORT NO.: PB86-135522/XAB
PUBLICATION DATE: April 30, 1985
CATEGORY: Access Control
COST: $13.50
DESCRIPTION: This report describes a way in which
authentication of users and servers of a computer
system can be accomplished. The method can be used
with simple processors or timesharing systems.
AUTHOR: Springer, E.
TITLE: Current Status of Link Access Control and
Encryption System
ORGANIZATION: U.S. Department of Energy/ National
Technical Information Service
REPORT NO.: DE84-009604
PUBLICATION DATE: 1984
CATEGORY: Access Control
COST: $9.95
DESCRIPTION: This report is from a summary of the
proceedings of the DOE Computer Security Conference
held on April 10, 1984. Discussed is a system that
protects unclassified sensitive data transmissions
over unprotected lines using a data encryption
standard.
AUTHOR: Wood, Helen
TITLE: The Use of Passwords for Controlled Access
to Computer Resources
ORGANIZATION: National Institute of Standards and
Technology/National Technical
Information Service
REPORT NO.: 500-9, Order # PB 266323
PUBLICATION DATE: May 1977
CATEGORY: Access Control
COST: $10.00
DESCRIPTION: Password schemes are analyzed
according to such things as lifetime and
information content. Cost considerations of
password schemes are also discussed.
AUDIT AND EVALUATION
AUTHOR: Bishop, M.
TITLE: Analyzing the Security of an Existing
Computer System
ORGANIZATION: National Aeronautics and Space
Administration
REPORT NO.: N86-33029/7/XAB
PUBLICATION DATE: May 1986
CATEGORY: Audit and Evaluation
COST: $9.95
DESCRIPTION: This report examines ways to locate
security problems in existing computer systems by
serving as a basis for conducting thought
experiments.
AUTHOR: Ruthberg, Zella G. Edited by
TITLE: Audit and Evaluation of Computer Security
II: System Vulnerabilities and Controls
ORGANIZATION: National Institute of Standards and
Technology
REPORT NO.: 500-57, Order # SN 003-003-02178-4
PUBLICATION DATE: April 1980
CATEGORY: Audit and Evaluation
COST: $7.00
DESCRIPTION: This report discusses the NBS/GAO
workshop on developing improved computer security
auditing procedures.
CONTINGENCY PLANNING
AUTHOR: Isaac, Irene
TITLE: Guide on Selecting ADP Backup Processing
Alternatives
ORGANIZATION: National Institute of Standards and
Technology/U.S. Department of
Commerce
REPORT NO.: 500-134, Order # SN 003-003-02723-5
PUBLICATION DATE: May 1986
CATEGORY: Contingency Planning
COST: $3.75
DESCRIPTION: Addresses the issue of selecting ADP
backup processing support before the need actually
occurs. Alternative processing methods are
described along with a way to pick the best method.
GENERAL SECURITY
AUTHOR: Berting, F.M.
TITLE: Fundamentals of Computer Security
ORGANIZATION: U.S. Department of Energy/ National
Technical Information Service
REPORT NO.: DE84-011476
PUBLICATION DATE: April 4, 1984
CATEGORY: General Security
COST: $9.95
DESCRIPTION: This report addresses the need for
protective measures against accidental or malicious
harm done to computers by people.
AUTHOR: Edgar, Mallory F.
TITLE: Automated Information Systems (AIS)
Security
ORGANIZATION: American Defense Preparedness
Association
REPORT NO.: None Specified
PUBLICATION DATE: August 8, 1987
CATEGORY: General Security
COST: Free
DESCRIPTION: This report examines past and
current events affecting AIS security on a
national level.
AUTHOR: Kovach, R.D., Bolczak, R., and
Tompkins, F.G.
TITLE: Model Set of Security Requirements for
Procuring and implementing Transaction
Processing Systems
ORGANIZATION: National Technical Information
Service
REPORT NO.: PB86-119989/LP
PUBLICATION DATE: January 1985
CATEGORY: General Security
COST: $13.95
DESCRIPTION: This document helps establish a
security baseline for obtaining data processing
services from a contractor.
AUTHOR: McLoughlin, Glenn J.
TITLE: Computer Crime and Security
ORGANIZATION: Congressional Research Services,
U.S. Congress
REPORT NO.: Order Code IB85155
PUBLICATION DATE: April 10, 1987
CATEGORY: General Security
COST: Free
DESCRIPTION: This report examines the topics of
threat of entering systems and damaging or stealing
data, the role of the federal government in
defining "computer crime" and "authorized access",
and whether federal protection should be extended
into both the private and federal sectors.
AUTHOR: McLoughlin, Glenn J.
TITLE: Computer Security Issues: The Computer
Security Act of 1987
ORGANIZATION: Congressional Research Service,
U.S. Congress
REPORT NO.: Order Code IB87164
PUBLICATION DATE: February 9, 1988
CATEGORY: General Security
COST: Free
DESCRIPTION: This report discusses the current
federal role in computer security and the computer
security act of 1987.
AUTHOR: Popek, G.J.
TITLE: Secure Reliable Processing Systems
ORGANIZATION: National Technical Information
Service
REPORT NO.: AD-A140 150/4
PUBLICATION DATE: February 21, 1984
CATEGORY: General Security
COST: $18.95
DESCRIPTION: This report, technical in nature,
examines research done at UCLA that focused on
computer security and distributed computer systems
including networks, operating systems, and data
management.
AUTHOR: Story, Frank
TITLE: ADP Security: Executive Training
ORGANIZATION: Kaiser Engineers Hanford
Contact: Frank Story, IS Manager
REPORT NO.:
PUBLICATION DATE: 1987
CATEGORY: General Security
COST:
DESCRIPTION: This is a copy of material
distributed at the May 1987 Computer Security
Conference in Albuquerque, NM. Includes reasons for
computer crime, the computer criminal profile, and
computer security emphasis items.
LAW AND ETHICS
AUTHOR: Bailey, D.
TITLE: Attacks on Computers: Congressional
Hearings and Pending Legislation
ORGANIZATION: National Technical Information
Service
REPORT NO.: DE84-007468
PUBLICATION DATE: April 30, 1984
CATEGORY: Law and Ethics
COST: $6.50
DESCRIPTION: This report is a summary of the
hearings of the 98th Congress, First Session that
dealt with the introduction of six bills on
computer security. Also summarized are computer
crime bills that were pending.
MICROCOMPUTER SECURITY
AUTHOR: Steinauer, Dennis D.
TITLE: Security of Personal Computer Systems: A
Management Guide
ORGANIZATION: National Institute of Standards and
Technology
REPORT NO.: 500-120. Order # SN 003-003-02627-0
PUBLICATION DATE: January 1985
CATEGORY: Microcomputer Security
COST: $3.00
DESCRIPTION: This publication is intended for
managers and users of small systems. Advice is
given concerning the physical protection of a
system as well as the protection of software and
data.
PRIVACY
AUTHOR: Goldstein, Robert and Seward, Henry
TITLE: A Computer Model to Determine Low Cost
Techniques to Comply with the Privacy Act
of 1974
ORGANIZATION: National Institute of Standards and
Technology/National Technical
Information Service
REPORT NO.: 76-985 Order # PB 250755
PUBLICATION DATE: February 1976
CATEGORY: Privacy
COST: $10.00
DESCRIPTION: This report gives a computer model
that simulates the cost of implementing the Privacy
Act using alternative approaches for applying
safeguards. The computer model can be changed to
show varying circumstances.
AUTHOR: Moore, Gwendolyn, Kuhns, John,
Treffzs, Jeffrey and Montgomery, Christine
TITLE: Accessing Individual Records from Personal
Data Files Using Nonunique Identifiers
ORGANIZATION: U.S. Department of Commerce /
National Technical Information
Service
REPORT NO.: 500-2, Order # PB 263176
PUBLICATION DATE: February 1977
CATEGORY: Privacy
COST: $19.00
DESCRIPTION: This report analyzes ways for
retrieving personal information using identifiers
such as name, address, etc. Shows the accuracy of
various methods.
RISK MANAGEMENT
AUTHOR: Baker, A.L.
TITLE: Application of Risk Assessment
ORGANIZATION: U.S. Department of Energy/ National
Technical Information Service
REPORT NO.: DE83-001983
PUBLICATION DATE: 1982
CATEGORY: Risk Management
COST: $9.95
DESCRIPTION: This report describes the results of
the program that was initiated to provide tools to
DOE facilities for use in complying with guidelines
concerning risk assessment.
AUTHOR: Corynen, G.C.
TITLE: Methodology for Assessing the Security
Risks Associated with Computer Sites and
Networks
ORGANIZATION: National Technical Information
Service
REPORT NO.: DE82-019806
PUBLICATION DATE: June 23, 1982
CATEGORY: Risk Management
COST: $13.95
DESCRIPTION: This report presents a methodology
that managers can use to assess the security risks
of a computer complex by emphasizing the need for
determination of harms to a system.
AUTHOR: Neugent, William, Gilligan, John,
Hoffman, Lance and Ruthberg, Zella G.
TITLE: Technology Assessment: Methods for
Measuring the Level of Computer Security
ORGANIZATION: U.S. Department of Commerce/National
Institute of Standards and
Technology
REPORT NO.: 500-133 Order # SN 003-003-02686-7
PUBLICATION DATE: October 10, 1985
CATEGORY: Risk Management
COST: $8.00
DESCRIPTION: This technology assessment provides
an evaluation of methods for measuring the level of
computer security in computer applications,
systems, and installations.
AUTHOR: Smith, S.T. and Lim, J.J.
TITLE: Framework for Generating Expert Systems to
Perform Computer Security Risk Analysis
ORGANIZATION: U.S. Department of Energy/National
Technical Information Service
REPORT NO.: DE85-01434/XAB
PUBLICATION DATE: 1985
CATEGORY: Risk Management
COST: $9.95
DESCRIPTION: This report discusses physical and
electronic security. It looks at natural hazards,
direct human actions, and indirect human actions
such as breach of security from an unauthorized
person.
SECURITY MANAGEMENT
AUTHOR: Helling, William D.
TITLE: Computer Security for the Computer Systems
Manager
ORGANIZATION: National Technical Information
Service
REPORT NO.: AD-A126 768/1
PUBLICATION DATE: December 1982
CATEGORY: Security Management
COST: $13.95
DESCRIPTION: This report discusses basic concepts
of computer security and risk analysis for the
computer systems managers. Countermeasures against
computer problems are also presented.
AUTHOR: McCann, S. Anthony & Kusserow, Richard P.
Co-Project Managers
TITLE: Model Framework For Management Control
Over Automated Information Systems
ORGANIZATION: President's Council on Management
Improvement and the President's
Council on Integrity and Efficiency
PUBLICATION DATE: August 1987
CATEGORY: Security Management
COST: Free
DESCRIPTION: This report synthesizes for managers
the multitude of directives which contain over-
lapping and sometimes confusing guidance on how to
protect automated information system operations.
SOFTWARE AND OPERATING SYSTEM SECURITY
AUTHOR: Gosler, J.R.
TITLE: Software Protection: Myth or Reality
ORGANIZATION: U.S. Department of Energy/ National
Technical Information Service
REPORT NO.: DE86-003719/XAB
PUBLICATION DATE: November 1, 1985
CATEGORY: Software and Operating System Security
COST: $9.95
DESCRIPTION: This paper looks at the advantages and
disadvantages of various technologies employed in
protection schemes for software.
AUTHOR: Landwehr, Carl E.
TITLE: Best available Technologies (BAT) for
Computer Security
ORGANIZATION: Naval Research Laboratory/ National
Technical Information Service
REPORT NO.: AD-A109 189/1
PUBLICATION DATE: December 21, 1981
CATEGORY: Software and Operating System Security
COST: $11.95
DESCRIPTION: This report is aimed at the developer
of secure software computer systems and makes
suggestions about the design of these systems.
Summarized are several specific techniques and
applications.
AUTHOR: Linden, Theodore
TITLE: Operating Systems Structures to Support
Security and Reliable Software
ORGANIZATION: National Institute of Standards and
Technology/National Technical
Information Service
REPORT NO.: Tech, Note 919, Order # PB 257421
PUBLICATION DATE: August 1976
CATEGORY: Software and Operating System Security
COST: $10.00
DESCRIPTION: This report looks at two system
structuring techniques that will help in developing
a secure computer system.
AUTHOR: Rushby, J.M. and Randell, B.
TITLE: Distributed Secure System
ORGANIZATION: National Technical Information
Service
REPORT NO.: PB84-141126
PUBLICATION DATE: 1982
CATEGORY: Software and Operating System Security
COST: $13.50
DESCRIPTION: This report, in tutorial detail, talks
about the design of a distributed computing UNIX
system that helps impose a multilevel security
policy.
AUTHORS NOT SPECIFIED
ABUSE/MISUSE/CRIME
AUTHOR: Not Specified
TITLE: Federal Information Systems Remain Highly
Vulnerable to Fraudulent, Wasteful,
Abusive, and Illegal Practices
ORGANIZATION: U.S. General Accounting Office,
REPORT NO.: MASAD-82-18
PUBLICATION DATE: April 21, 1982
CATEGORY: Abuse/Misuse/Crime
COST: Free (if less than 5 ordered)
DESCRIPTION: This report concludes the inadequate
protection over computers and networks leave
systems vulnerable to fraudulent, wasteful, and
and illegal purposes.
ACCESS CONTROL
AUTHOR: Not Specified
TITLE: Defending Secrets, Sharing Data, New Locks
and Keys for Electronic Informatiom
ORGANIZATION: Office of Technology Assessments,
U.S. Congress
REPORT NO.:
PUBLICATION DATE: 1987
CATEGORY: Access Control
COST: $8.50
DESCRIPTION: Examines the vulnerability of
communications and computer systems and the trends
in technology for safeguarding information in these
systems.
AUDIT AND EVALUATION
AUTHOR: Not Specified
TITLE: Federal Agencies Still Need To Develop
Greater Computer Audit Capabilities
ORGANIZATION: U.S. General Accounting Office
REPORT NO.: AFMD-82-7
PUBLICATION DATE: October 16, 1981
CATEGORY: Audit and Evaluation
COST: Free (if less than 5 ordered)
DESCRIPTION: This report focuses on the progress by
both the Federal Inspector General and internal
audit organizations in reaching their computer
audit requirements. Included are recommendations
for identifying and meeting the necessary auditing
needs.
AUTHOR: Not Specified
TITLE: Flaws in Controls Over The Supplemental
Security Income Computerized System Causes
Millions in Erroneous Payments
ORGANIZATION: U.S. General Accounting Office,
P.O. Box 6015
Gaithersburg, MD 20877
(202) 275-6241
REPORT NO.: HRD-79-104
PUBLICATION DATE: August 9, 1979
CATEGORY: Audit and Evaluation
COST: Free (if less than 5 ordered)
DESCRIPTION: This report describes how federal
automated information systems with inadequate
security controls are vulnerable to mission
impairments.
AUTHOR: Not Specified
TITLE: Information Systems: Agencies Overlook
Security Controls During Development
ORGANIZATION: U.S. General Accounting Office,
P.O. Box 6015
Gaithersburg, MD 20877
(202) 275-6241
REPORT NO.: GAO/IMTEC-88-11
PUBLICATION DATE: May 31, 1988
CATEGORY: Audit and Evaluation
COST: Free (if less than 5 ordered)
DESCRIPTION: This report shows some agencies who
were not meeting federal criteria and good system
development practices for providing reasonable
assurance that appropriate security controls were
incorporated into their automated information
systems.
AUTHOR: Not Specified
TITLE: Information Systems: Security in Federal
Civilian Agencies
ORGANIZATION: U.S. General Accounting Office,
U.S. Congress
REPORT NO.: GAO/T-IMTEC-87-7
PUBLICATION DATE: May 19, 1987
CATEGORY: Audit and Evaluation
COST: Free (if less than 5 ordered)
DESCRIPTION: This report provides a review of the
practices used by federal civilian agencies in
identifying and incorporating appropriate security
controls in automated information systems.
AUTHOR: Not Specified
TITLE: Weak Financial Controls Make The Community
Services Administration Vulnerable to
Fraud and Abuse
ORGANIZATION: U.S. General Accounting Office,
P.O. Box 6015
Gaithersburg, MD 20877
(202) 275-6241
REPORT NO.: FGMSD-80-73
PUBLICATION DATE: August 22, 1980
CATEGORY: Audit and Evaluation
COST: Free (if less than 5 ordered)
DESCRIPTION: This report shows how computer
security weaknesses in the Community Services
Administration exceedingly vulnerable to fraud and
abuse.
GENERAL SECURITY
AUTHOR: Not Specified
TITLE: ADP and Telecommunications
ORGANIZATION: General Services Administration/
Government Services Administration
REPORT NO.: GSA Bulletin FPMR F-148
PUBLICATION DATE: January 10, 1983
CATEGORY: General Security
COST:
DESCRIPTION: Computer security publications that
have been used in developing ADP security
management programs are listed in this bulletin.
AUTHOR: Not Specified
TITLE: Center for Computer Security: Computer
Security Group Conference
ORGANIZATION: National Technical Information
Service
REPORT NO.: DE84-012992
PUBLICATION DATE: June 1982
CATEGORY: General Security
COST: $11.95
DESCRIPTION: This report comes from a conference on
computer security and covers various security
issues including security management,
certification, risk analysis, contingency planning,
and other related topics.
AUTHOR: Not Specified
TITLE: Computer Security Models
ORGANIZATION: National Technical Information
Service
REPORT NO.: ADA 166 920/LP
PUBLICATION DATE: September 1984
CATEGORY: General Security
COST: $13.95
DESCRIPTION: This report provides a basis for
evaluating security models as they relate to secure
computer system development. Included is a summary
of existing models plus some general considerations
when designing and using security models.
AUTHOR: Not Specified
TITLE: Glossary for Computer Systems Security
ORGANIZATION: U.S. Department of Commerce /
National Technical Information
Service
REPORT NO.: FIPS PUB 39
PUBLICATION DATE: February 1984
CATEGORY: General Security
COST: $7.00
DESCRIPTION: This glossary contains approximately
170 computer security terms and definitions.
AUTHOR: Not Specified
TITLE: Security of Automated Information Systems
ORGANIZATION: U.S. Nuclear Regulatory Commission
REPORT NO.: NRC Appendix 2301, Part II
PUBLICATION DATE: July 25, 1985
CATEGORY: General Security
COST: $3.20
DESCRIPTION: This report applies to NRC or NRC
contractors that have computer centers, personal
computers, or sensitive application systems that
process unclassified sensitive data.
AUTHOR: Not Specified
TITLE: Trusted Computer Systems - Glossary
ORGANIZATION: National Technical Information
Service
REPORT NO.: ADA 108 829/LP
PUBLICATION DATE: March 1981
CATEGORY: General Security
COST: $9.95
DESCRIPTION: This glossary emphasizes terms that
relate to the formal specification and verification
of trusted computer systems.
MICROCOMPUTER SECURITY
AUTHOR: Not Specified
TITLE: PC Security Considerations
ORGANIZATION: Government Printing Office, Contact:
Superintendent of Documents
REPORT NO.: GPO Stock # 008-000-00439-1
PUBLICATION DATE: 1985
CATEGORY: Microcomputer Security
COST: $1.00
DESCRIPTION: This report provides a general
discussion of a number of issues that are
pertinent to microcomputer security in the home
and business environment.
PHYSICAL SECURITY AND HARDWARE
AUTHOR: Not Specified
TITLE: Computer Surety - Computer System
Inspection Guidance
ORGANIZATION: Lawrence Livermore National
Laboratory/U.S. Nuclear Regulatory
Commission
REPORT NO.: NUREG/CR-2288
PUBLICATION DATE: March 1983
CATEGORY: Physical Security and Hardware
COST: $10.00
DESCRIPTION: Details inspection methods for the
Physical Protection Project by the U.S. NRC from
the perspective of the physical protection
inspectors. Includes glossary of computer terms
along with threats and computer vulnerabilities.
RISK MANAGEMENT
AUTHOR: Not Specified
TITLE: Technical Risk Assessment - The Status of
Current DOD Efforts
ORGANIZATION: U.S. General Accounting Office
REPORT NO.: PEMD-86-5
PUBLICATION DATE: April 3, 1986
CATEGORY: Risk Management
COST: Free (if less than 5 ordered)
DESCRIPTION: This report offers six
recommendations concerning basic risk assessment
concepts, policies, and procedures for the
Department of Defense.
SECURITY MANAGEMENT
AUTHOR: Not Specified
TITLE: Government-Wide Guidelines and Management
Assistance Center Needed to Improve ADP
Systems Development
ORGANIZATION: U.S. General Accounting Office
REPORT NO.: AFMD-81-20
PUBLICATION DATE: February 20, 1981
CATEGORY: Security Management
COST: Free (if less than 5 ordered)
DESCRIPTION: This document suggest a framework of
procedures for managing systems development and
reiterates the need for a management assistance
center for computer software and systems
development.
AUTHOR: Not Specified
TITLE: Management, Security, and Congressional
Oversight
ORGANIZATION: Government Printing Office Contact:
Superintendent of Documents
REPORT NO.: OTA-CIT-297
PUBLICATION DATE: February 1986
CATEGORY: Security Management
COST: Free (if less than 5 ordered)
DESCRIPTION: This report is a review of 142 agency
components finding similar weaknesses in
information security controls and management
practices made by the 1986 Office of Technology
Assessment.
AUTHOR: Not Specified
TITLE: Solving Social Security's Computer
Problems: Comprehensive Corrective
Action Plan & Better Management Needed
ORGANIZATION: U.S. General Accounting Office,
U.S. Congress
REPORT NO.: HRD-82-19
PUBLICATION DATE: December 10, 1981
CATEGORY: Security Management
COST: Free (if less than 5 ordered)
DESCRIPTION: This report informs how flaws in
controls in systems used by the Social Security
Administration caused millions of dollars in
erroneous payments.
SOFTWARE AND OPERATING SYSTEM SECURITY
AUTHOR: Not Specified
TITLE: An Approach to Determining Computer
Security Requirements for Navy Systems
ORGANIZATION: Naval Research Laboratory / Defense
Technical Information Center
REPORT NO.: ADA 155750
PUBLICATION DATE:
CATEGORY: Software and Operating System Security
COST: $5.00
DESCRIPTION: This report shows how to meet a
particular requirement level as defined in the DOD
trusted computer evaluation criteria by proposing
a technique for mapping a specific system
architecture and application environment.