II. BASIC INFORMATION SYSTEMS SECURITY PROBLEMS
A. Natural Disasters
Natural disasters, such as floods, lightning, brown-outs, fire, and earthquakes, are the most obvious security problems for most organizations. Since the source of these problems is generally uncontrollable, one must plan for the possibility. The physical location of computer systems, control of electrical surges or spikes, and clean fire suppression methods are possible techniques to discuss when dealing with this topic. A pre-defined disaster plan, including appropriate off-site backup, helps to avoid regret.
B. Accidental Problems
Many threats to a system result from unintentional errors created either by a user or by the system itself. Examples include the accidental disclosure of data, inadvertent modification or destruction of data, faulty software that may produce incorrect data, residual data left in the system and that may contaminate new data and wrong parameters that get passed inappropriately. The most common forms of accidental threats are employee mistakes. On-going training programs, both formal and informal, can help prevent many of these problems.
C. Malicious Threats
Malicious threats are deliberate attempts to circumvent or defeat the system’s protection mechanisms or exploit weaknesses in such mechanisms. A trapdoor is a “special element that when inserted in a program or system allows the intruder to bypass protective features safeguarding the secure functioning of a system.” The Trojan horse technique of penetration “consists of supplying the computer with what is perceived appropriate and acceptable information, but in reality, contains secret instructions for unauthorized behavior.”
Users may tamper with data or programs, snoop or browse through a system or intentionally disclose data. A worm or virus may be inserted into a program and spread throughout the system. Malicious threats are the most difficult type of security problem to deal with. They may start from within or outside the organization.