Colin R. Corder's scientific contributions

Publications (21)

Chapter
The purposes of system controls are to prevent unacceptable data from being processed and to detect it if it does enter the system. There are two wide categories of ‘unacceptable data’: honest errors such as an incorrectly written number or corruption of data by a program bug; and deliberate errors, deliberately inserted. The motive may be to defra...
Chapter
‘It couldn’t happen here.’ A dismissive sentence that acts as a blanket excuse for inactivity in security risk areas deserves more careful analysis than it customarily gets. Does it mean that it is completely impossible, for example, that a building should catch fire, that a saboteur should plant a bomb, that a disgruntled employee should destroy v...
Chapter
Not all organizations require a full-time security officer. In these circumstances security standards become totally the responsibility of the computer or management services department. To what extent can or should their design be undertaken internally, and what is the role of outside experts?
Chapter
As with other subjects in this book, here too there is a considerable amount of overlap among the responsibilities of the various units within the data processing department, and among the types of security precautions which can be taken. The subject area for this chapter is the content of programs rather than their physical protection. Physical sa...
Chapter
This chapter is devoted to other occurrences that could damage a computer installation. The term ‘Act of God’ is used in an insurance sense and many of the topics discussed are, in fact, ‘Acts of Mankind’. Among these the most prominent, and the one which is discussed in most detail, is the problem posed by bombs and bomb hoaxes, and damage caused by...
Chapter
In towns all over the world people religiously lock their front and back doors before going to bed, to help keep the world out. During the day when they are in, the family is allowed to wander freely — even distant cousins. A distant cousin discovered looking at business papers in your study would however be unpopular. A known outsider handling the...
Chapter
The purpose of this chapter is to give guidelines for reviewing the security of the installation. There are two possible types of situation; the first will occur in the average installation where the general level of security awareness always has been low in the past. A comprehensive, formal review will be necessary as the first step towards improv...
Chapter
Previous chapters have discussed the risks generally inherent in computerized data processing, methods for establishing what risks exist in a particular installation, the role of the security officer, and detailed recommendations for standard procedures in a wide variety of circumstances. This chapter deals with the problems of formulating, documen...
Chapter
Crimes are committed by people. Those with the greatest opportunity to commit a crime or cause damage are the installation’s staff; security should start with them. In the sixties the demand for computer staff outran the supply; consequently firms were often forced to employ people who were unsatisfactory from a technical point of view, let alone f...
Chapter
Security is only as strong as its weakest link, and the weakest link in the security chain is people. The weakness arises partly from the fact that standards, particularly if over-restrictive, tend to be evaded or ignored; and partly from the human tendency to concentrate on only one thing at a time. When there is pressure on the data processing de...
Chapter
Security problems in the computer room itself include accidents to staff, equipment and data, as well as deliberate physical damage and tampering with programs and files. Because recommendations for physical protection, including fire prevention and access control, have been discussed in detail elsewhere, this chapter concentrates on those problems...
Chapter
In this chapter and the related appendices we will cover a variety of security considerations having to do with the data control and data preparation sections. The discussion will not be comprehensive, in that no attempt has been made to include all general procedures, but only the special security concerns associated with these functions.
Chapter
This chapter, despite its title, is less about recovering from a disaster than how to give yourself the ability to recover. If the computer, files and documentation are all in one place, and if the installation is destroyed by fire, the first recourse is to prayer, the second to a personnel agency (because you will probably be out of a job) and thi...
Chapter
One of the authors, as part of a consultancy project, recently interviewed an applicant for a senior programmer’s job. The young man was well-qualified and brought samples of his work to the interview to prove it. From his briefcase he proudly produced a set of program listings and detailed specifications for a transport optimization system he had...
Chapter
The nature of on-line systems presents some special security problems. They are usually the ‘high technology, high benefit’ systems, expensive to develop and operate, performing functions not possible any other way (for example, the airline reservations systems) or putting within reach qualitative benefits whose value is difficult to measure. A cha...
Chapter
It is a fallacy to regard the security officer as ‘the man with the dog’. Security is as integral a part of the business function as is, say, bookkeeping or marketing; it must be regarded as the proper safeguarding of one’s possessions, or rather the organization’s possessions from the wolf pack of competition and ill-wishers. Every organization mus...
Chapter
No installation is, or can be, totally secure — at least not if any work is getting done. Security is not an absolute. The proper level of security will vary between installations, depending upon many factors. In the following chapters precautions are described that can be taken to increase security. Some involve disadvantages, either of cost or in...
Chapter
In a computer installation in England the structural precautions against fire were negated when a cardboard box fell in front of an automatic sliding door, locking it into the open position. The fire which had started outside the computer room was spread by a container of isopropyl-alcohol, combustible ceiling tiles and a large quantity of paper on...
Chapter
In a book devoted to security it is very easy to make recommendations on the siting, construction and extent of a computer building in isolation. There are obviously, however, many other factors to be considered, among them cost and the need or desirability of siting the computer close to other operations. However, within these and other business co...
Chapter
The efficient organization and control of the file library is a major factor in ensuring the security of the installation. In previous chapters we have discussed the physical requirements of the library and the paramount need to restrict access to it by unauthorized personnel, whether they be staff or intruders. This chapter will be devoted to exam...

Citations

... References are made to civilian computer security managers in the 1970s and 1980s (Van Biene-Hershey, 2007), although they did not initially command universal professional respect (Wooldridge et al., 1973; Watt, 1989). During the 1990s, factors such as the mass inter-networking of systems and the proliferation of malware resulted in an expansion of corporate security structures (DeNardis, 2007). ...