Increasing students security awareness: article II. What C.S. graduates don't learn about security concepts and ethical standards
Source: Technical Symposium on Computer Science Education
Proceedings of the seventeenth SIGCSE technical symposium on Computer science education
Cincinnati, Ohio, United States
Pages: 89 - 96  
Year of Publication: 1986
ISBN:0-89791-178-4
Author: Janet M. Cook, Illinois State Univ., Normal, IL
Sponsor: SIGCSE: ACM Special Interest Group on Computer Science Education
Publisher: ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 3,   Downloads (12 Months): 40,   Citation Count: 2
DOI: http://doi.acm.org/10.1145/5600.5650

ABSTRACT

Students think that security is crime prevention, someone else's business. In fact, security is error prevention and is everybody's business. At government and industrial conferences employers complain that C.S. and C.I.S. graduates 1) don't see security as a significant factor in getting their jobs done, and 2) don't have a clear conception of what constitutes ethical professional behavior. This article demonstrates ways to integrate into existing courses activities that promote students' awareness of professional responsibilities to protect the integrity of the systems and data they work with, and of accepted professional ethical standards.


REFERENCES


 
i
DPMA survey conducted by Detmar Straub of Indiana University, Bloomington, Ind., as reported in "Crime survey indicts 'insiders'", by John Desmond, Computerworld, June 10, 1985, p. 2.
 
ii
Courtney, Robert H. Jr., 'Computer Security: The Menace Is Human Error', The Office, March 1984, pp 119-20. Quoted in Computers & Security, Vol. 3, Nr. 3, p. 240.
 
iii
The Department of Defense, CSC-STD-001-83, 15 August 1983, defines "a uniform set of basic requirements and evaluation classes for assessing the effectiveness of security controls built into Automatic Data Processing (ADP) systems...for use in the evaluation and selection of ADP systems being considered for the processing and/or storage and retrieval of sensitive or classified information by the Department of Defense." (Foreword, p. i) This "Orange Book" of criteria is urged upon all contractors wishing to do business with the Department of Defense. "Point of contact concerning this publication is the Office of Standards and Products, Attention: Chief, Computer Security Standards."
 
iv
Remark made by Howard M. Anderson, Managing Director, The Yankee Group, talking on "Resolving the Conflict: User Friendliness vs. Effective Security" at the CSI 12th Annual Computer Security Conference, Nov. 1985, Chicago.
 
v
If you are using a text which does stress problem prevention as an integral part of problem solving in some course, please write and tell me about it, and tell me your over-all opinion of the effectiveness of the book. I'll add the book to the text book list I am compiling.
vi
 
vii
Cited also by William H. Murray of IBM at the CSI 12th Annual Computer Security Conference, Chicago, Ill., during the panel discussion on Nov. 6, 1985. Courtney has been citing this study in talks since 1975, at least.
 
viii
For more examples, see Cook, Janet M., 'INCREASING STUDENTS' SECURITY AWARENESS: ARTICLE I, Teaching Integrity Features: Using Data Verification to Illustrate the use of Subprocedures in Elementary Programming Classes', ~I~ES~ ~oc~~DEs, March, 1985.
 
ix
Rubinstein, Richard & Hersh, Harry, The Human Factor, Digital Press, 1984, pp. 142-3.
 
x
Ibid., pp. 131-152.
 
xi
Martin, James, Security, Accuracy, Hall, Inc., 1973, p. 25.
 
xii
Glass, Robert L., Software Soliloquies, Computing Trends, Seattle, 1981, Chapter IV. I, pp. 54-64. The chapter, entitled Persistent Software Errors, is cited as having been published previously in IEEE Transactions of Software Engineering, but no date is given.
 
xiii
An example given by Robert H. Courtney, Jr., of RCI, during his address on "Changing Perceptions of the Relative Importance of Security and Control" at the CSI 12th Annual Computer Security Conference, Chicago, Nov. 4, 1985.
 
xiv
Newsweek, 'Teaching Hackers Ethics', Jan. 14, 1985, Education section.
 
xv
Attacks are simple since an attacker has only a handful of people to psych out. The challenge in protecting a system is to anticipate anything ANYONE might try. This is hard to simulate in a class where students know each other. By assigning 4-5 person teams to block each other's attacks, however, close friends can be put on different teams.
 
xvi
Anderson, Howard M., loc. cit.
 
xvii
 
xviii
Parker, Donn B., Ethical Conflicts in Computer Sciences and Technology, AFIPS Press. Several sections are reproduced in Fighting Computer Crime, by Donn B. Parker, Charles Scribner's Sons, 1983, Part Four: Ethical Conflicts in Computing, pp. 191-226.
 
xix
 
xx
For the ACM Code of Professional Conduct, see Parker, loc. cit.: E~bi~l ~ch~ ol~s~, pp. 159-62, or Communications of the ACM, Vol. 11, No. 2, Feb. 1968. For the DPMA Code of Ethics, see any DPMA membership certificate or write to Data Processing Management Association, 505 Busse Highway, Park Ridge, IL, 60068.