
II. BASIC INFORMATION SYSTEMS SECURITY PROBLEMS

A. Natural Disasters

Natural disasters, such as floods, lightning, brown-outs, fire, and earthquakes, are the most obvious security problems for most organizations. Since the source of these problems is generally uncontrollable, one must plan for the possibility. The physical location of computer systems, control of electrical surges or spikes, and clean fire suppression methods are possible techniques to discuss when dealing with this topic. A pre-defined disaster plan, including appropriate off-site backup, helps to avoid regret.

B. Accidental Problems

Many threats to a system result from unintentional errors created either by a user or by the system itself. Examples include the accidental disclosure of data, inadvertent modification or destruction of data, faulty software that may produce incorrect data, residual data left in the system that may contaminate new data, and wrong parameters that get passed inappropriately. The most common form of accidental threat is employee mistakes. Ongoing training programs, both formal and informal, can help prevent many of these problems.

C. Malicious Threats

Malicious threats are deliberate attempts to circumvent or defeat the system’s protection mechanisms or exploit weaknesses in such mechanisms. A trapdoor is a “special element that when inserted in a program or system allows the intruder to bypass protective features safeguarding the secure functioning of a system.” The Trojan horse technique of penetration “consists of supplying the computer with what is perceived appropriate and acceptable information, but in reality, contains secret instructions for unauthorized behavior.”

Users may tamper with data or programs, snoop or browse through a system or intentionally disclose data. A worm or virus may be inserted into a program and spread throughout the system. Malicious threats are the most difficult type of security problem to deal with. They may start from within or outside the organization.