DOI: 10.1145/1499402.1499424

Security risk assessment in electronic data processing systems

Published: 13 June 1977

Abstract

Concern for the safety of a data processing facility and the data within it should result in the selection of such security measures, including insurance, as are appropriate to bringing the risk within tolerable limits at the lowest cost. These security measures should be selected on the basis of the benefit/cost relationships which they afford. This, in turn, requires a quantification of the potential benefits afforded by each security measure or group of measures for comparison with the cost. Because the benefit afforded by the security measure is lessening or elimination of security problems, which is risk reduction, we must be able to quantify the risk so as to measure the benefit afforded by its elimination or diminution. A workable procedure for doing this is described.

Published In

AFIPS '77: Proceedings of the June 13-16, 1977, national computer conference
June 1977
1039 pages
ISBN:9781450379144
DOI:10.1145/1499402
Sponsors

  • AFIPS: American Federation of Information Processing Societies

Publisher

Association for Computing Machinery

New York, NY, United States
