U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Part 1: Securing Your Data, Assessing Your Threat

NCJ Number
205198
Journal
Law Enforcement Technology Volume: 31 Issue: 4 Dated: April 2004 Pages: 52,54,56,58
Author(s)
Christa Miller
Date Published
April 2004
Length
5 pages
Annotation
This article outlines the features of malicious, unintentional, and physical threats to police agency computer systems.
Abstract
In emphasizing the potential consequences of an attack on a computer system, the article notes that such attacks are becoming more complex, widespread, and virulent, shutting down organizational operations for days and costing millions. A recent Computer Crime and Security Survey found that the most cited attacks or abuses were viruses (82 percent) and insider abuse of network access (80 percent). An increasing number of organizations over the last 5 years report Internet connections as the most frequent points of attack. These problems happened even though 99 percent of the organizations used anti-virus software, 98 percent used firewalls, and 92 percent had some type of access control. CACI International Inc., lists on its Web site major malicious, unintentional, and physical security threats. This article describes some of these threats. Malicious software threats include viruses, worms, and virus/worm variants such as Trojan horses, time and logic "bombs," "rabbits," and "bacteria." Such software can be innocuous, data-altering, or catastrophic, according to CACI. Each of these types of malicious threats is explained in this article. Unintentional threats include equipment (hardware) or software malfunctions. The most troublesome aspect of malfunctions is their ability to cause data loss. It also can be time-consuming and costly to test and then repair both hardware and software malfunctions. The other type of unintentional threat is human error, including leaving a "back door" through which malicious threats can enter a system. Most human errors occur when users change or delete data in some way, including installing unauthorized programs or hardware on "company" computers. CACI lists these potential unintentional threats: data vulnerability in transit and storage and private key mismanagement. Physical threats are fire, water, power surge, vandalism, and "civil disorder" or even battle damage. Some issues to consider in physical security are whether servers are stored in a room near heating and ventilation or water pipes, whether they are adequately protected and/or backed up to prevent erasure in the event of a power surge, and whether the room and equipment are regularly inspected for fire hazards.