A password to computer security.

• Author: Goldfarb, Michael G.
• Position: Special Report: Information Management

A disgruntled former bank employee accesses the bank's computer system and disrupts operations by shutting down the ATM network and the bank's link to the funds transfer system.

* A data center employee manipulates electronic data interchange (EDI) messages, so funds being transferred from a bank to an insurance company go instead to personal account.

* An outsider gains access to a corporation's private branch exchange (PBX) and makes numerous long-distance telephone calls at the company's expense.

Stories of computer fraud are growing by-product of expanded computer use. Just how real is the threat to the security of your installation? And what means are available to you to reduce the risks you face?

To understand this threat, one must understand that most computers communicate with other computers, and that integrated networks are replacing centralized systems. Organizations use computer networks to gain remote access to mainframe computers, to facilitate data transfer between systems, and to link customers, suppliers, and business partners. Personal computers and workstations make the links between these networks still more complex.

When data is transmitted over computer networks it is vulnerable to interception and disruption. We've all read of unauthorized incursions into both commercial and governmental data networks, resulting in significant financial loss and adverse publicity. Whether such incidents are the result of electronic trespassing by "hackers," who seek access largely as an intellectual challenge, or by technically sophisticated individuals intents on fraud, corporate systems are more and more at risk.

How can your organization address such risks? Begin with the security features and access controls provided by hardware manufactures and software vendors. These controls need to match both the level of risk you are willing to accept and the level of security that can be achieved in your computer environment. That security level depends on:

* The applications, such as funds transfer, that are supported by the network and such characteristics as who uses them and what they're used for.

* The network's scope, the access to it, and its links to external systems, plus its hardware and software and the functionality installed in the network, such as encrytion (discussed below).

* The culture of the organization and the willingness of users to comply with the controls established.

It is important to recognize that network security...