SEVEN - Handling the Personal Computer Risk

Abstract

The personal computer (PC) is probably the most significant technical advance of history in terms of its potential effects on business. The PC and other microcomputer devices provide a tremendous boost to information handling and communication in business. But the devices, especially when connected to networks, constitute severe information security threats. Careful attention by management is needed to set strategies for PC use, to establish security requirements and controls, and to motivate employees to do what is necessary. A number of major vulnerabilities of information when communicated or processed on network-connected PCs can be suggested. Physical threats include theft of data on floppy disks or through the taking of a complete PC system; casual observation of sensitive information on a PC display; theft of printed output documents and improper use of a keyboard or other entry device to penetrate security controls or cause information damage, loss or exposure when a PC has been carelessly left in an active or connected state. Logical threats include subversion of the operating system or its controls through improper use of keyboard entry; remote entry or spoofing via network connections; placing of Trojan horse or time-bomb software through the offer of free or for sale programs; or loss of data privacy through unauthorized intentional or casual browsing in data files that may be on local PC data stores on hard disk or on LAN file servers.