BIBLIOGRAPHY OF COMPUTER SECURITY REPORTS (1976 through 1988) Note: A bibliography is now being developed to encompass 1989. AUTHORS SPECIFIED ABUSE/MISUSE/CRIME AUTHOR: Burnham, B.W. TITLE: Virus Threat and Secure Code Distribution ORGANIZATION: U.S. Department of Energy REPORT NO.: DE85-009106/XAB PUBLICATION DATE: 1985 CATEGORY: Abuse/Misuse/Crime COST: $9.95 DESCRIPTION: This report discusses countermeasures that can be taken against virus programs in a computer system. A virus program that relocates itself in memory and might help in defeating security measures. AUTHOR: Ruder, Brian and Madden, J.D. TITLE: An Analysis of Computer Security Safeguards For Detecting and Preventing Intentional Computer Misuse ORGANIZATION: National Institute of Standards and Technology REPORT NO.: 500-25, Order # PB 275514 PUBLICATION DATE: January 1978 CATEGORY: Abuse/Misuse/Crime COST: $11.50 DESCRIPTION: Discusses 88 computer security safeguards and a model for evaluating safeguards as mechanisms for preventing misuse. ACCESS CONTROL AUTHOR: Aiken, D. TITLE: Secure User Authentication in a Distributed Computing Environment ORGANIZATION: U.S. Department of Energy/National Technical Information Service REPORT NO.: DE86-002960 PUBLICATION DATE: October 1985 CATEGORY: Access Control COST: $9.95 DESCRIPTION: This report looks at a method for user authentication in a distributed computing system where information is protected from release, modification, and replay. AUTHOR: Arazi, Benjamin TITLE: Processing of Encrypted Commercial Data ORGANIZATION: National Research Institute for Mathematical Sciences REPORT NO.: PB82-204306 PUBLICATION DATE: September 1981 CATEGORY: Access Control COST: $9.95 DESCRIPTION: Discusses an encryption scheme that will help process encrytped commercial data. AUTHOR: Brickell, E.F. TITLE: New Knapsack-Based Cryptosystem ORGANIZATION: National Technical Information Service REPORT NO.: DE83-011283 PUBLICATION DATE: 1983 CATEGORY: Access Control COST: $9.95 DESCRIPTION: This paper presents a knapsack-based cryptosystem that seems to be secure from attacks that have violated other knapsack-based cryptosystems. AUTHOR: Gait, Jason TITLE: Maintenance Testing for the Data Encryption Standard ORGANIZATION: National Institute of Standards and Technology REPORT NO.: 500-61, Order # PB 80221211 PUBLICATION DATE: August 1980 CATEGORY: Access Control COST: $8.50 DESCRIPTION: Discusses four test that users and manufactures can use to check the operation of data encryption devices. AUTHOR: Gait, Jason TITLE: Validating the Correctness of Hardware Implementations of the NBS Data Encryption Standard ORGANIZATION: National Institute of Standards and Technology/ National Technical Information Service REPORT NO.: 500-20 Order # PB 81113524 PUBLICATION DATE: November 1977 CATEGORY: Access Control COST: $8.50 DESCRIPTION: The NBS testbed that is used for validating the hardware implementations of the Data Encryption Standard (DES) is described. AUTHOR: Hartman, W.J. TITLE: A Critique of Some Public-Key Cryptosystems ORGANIZATION: National Telecommunications and Information Administration REPORT NO.: PB82-120270 PUBLICATION DATE: August 1981 CATEGORY: Access Control COST: $11.95 DESCRIPTION: Discusses several cryptosystems and ways in which these systems can be attacked. examples of programs that attack cryptosystems are included. AUTHOR: McClain, W.J. TITLE: Security of Distributed ADP Systems: Problems and Solutions ORGANIZATION: National Technical Information Service REPORT NO.: DE84-001585 PUBLICATION DATE: July 25, 1983 CATEGORY: Access Control COST: $11.95 DESCRIPTION: Discusses the challenge in keeping a distributed network secure and suggests that the tools required to keep a system safe will be available in the near future. AUTHOR: Mullender, S.J. and Tanenbaum, A.S. TITLE: Protection and Resource Control in Distributed Operating Systems ORGANIZATION: National Technical Information Service REPORT NO.: PB85-201671/XAB PUBLICATION DATE: March 1983 CATEGORY: Access Control COST: $13.50 DESCRIPTION: Discusses how a traditional object- oriented system can be implemented on top of a basic protection mechanism in local networks where the computer cable has sockets in several rooms through the building. AUTHOR: Nessett, D.M. TITLE: Factors Affecting Distributed System Security ORGANIZATION: U.S. Department of Energy/National Technical Information Service REPORT NO.: DE86-003483 PUBLICATION DATE: April 6, 1986 CATEGORY: Access Control COST: $9.95 DESCRIPTION: This report examines the requirements of distributed system security and critiques recent work in this field. AUTHOR: Power, J.M. and Wilbur, S.R. TITLE: Authentication in a Heterogeneous Environment ORGANIZATION: National Technical Information Service REPORT NO.: PB86-135522/XAB PUBLICATION DATE: April 30, 1985 CATEGORY: Access Control COST: $13.50 DESCRIPTION: This report describes a way in which authentication of users and servers of a computer system can be accomplished. The method can be used with simple processors or timesharing systems. AUTHOR: Springer, E. TITLE: Current Status of Link Access Control and Encryption System ORGANIZATION: U.S. Department of Energy/ National Technical Information Service REPORT NO.: DE84-009604 PUBLICATION DATE: 1984 CATEGORY: Access Control COST: $9.95 DESCRIPTION: This report is from a summary of the proceedings of the DOE Computer Security Conference held on April 10, 1984. Discussed is a system that protects unclassified sensitive data transmissions over unprotected lines using a data encryption standard. AUTHOR: Wood, Helen TITLE: The Use of Passwords for Controlled Access to Computer Resources ORGANIZATION: National Institute of Standards and Technology/National Technical Information Service REPORT NO.: 500-9, Order # PB 266323 PUBLICATION DATE: May 1977 CATEGORY: Access Control COST: $10.00 DESCRIPTION: Password schemes are analyzed according to such things as lifetime and information content. Cost considerations of password schemes are also discussed. AUDIT AND EVALUATION AUTHOR: Bishop, M. TITLE: Analyzing the Security of an Existing Computer System ORGANIZATION: National Aeronautics and Space Administration REPORT NO.: N86-33029/7/XAB PUBLICATION DATE: May 1986 CATEGORY: Audit and Evaluation COST: $9.95 DESCRIPTION: This report examines ways to locate security problems in existing computer systems by serving as a basis for conducting thought experiments. AUTHOR: Ruthberg, Zella G. Edited by TITLE: Audit and Evaluation of Computer Security II: System Vulnerabilities and Controls ORGANIZATION: National Institute of Standards and Technology REPORT NO.: 500-57, Order # SN 003-003-02178-4 PUBLICATION DATE: April 1980 CATEGORY: Audit and Evaluation COST: $7.00 DESCRIPTION: This report discusses the NBS/GAO workshop on developing improved computer security auditing procedures. CONTINGENCY PLANNING AUTHOR: Isaac, Irene TITLE: Guide on Selecting ADP Backup Processing Alternatives ORGANIZATION: National Institute of Standards and Technology/U.S. Department of Commerce REPORT NO.: 500-134, Order # SN 003-003-02723-5 PUBLICATION DATE: May 1986 CATEGORY: Contingency Planning COST: $3.75 DESCRIPTION: Addresses the issue of selecting ADP backup processing support before the need actually occurs. Alternative processing methods are described along with a way to pick the best method. GENERAL SECURITY AUTHOR: Berting, F.M. TITLE: Fundamentals of Computer Security ORGANIZATION: U.S. Department of Energy/ National Technical Information Service REPORT NO.: DE84-011476 PUBLICATION DATE: April 4, 1984 CATEGORY: General Security COST: $9.95 DESCRIPTION: This report addresses the need for protective measures against accidental or malicious harm done to computers by people. AUTHOR: Edgar, Mallory F. TITLE: Automated Information Systems (AIS) Security ORGANIZATION: American Defense Preparedness Association REPORT NO.: None Specified PUBLICATION DATE: August 8, 1987 CATEGORY: General Security COST: Free DESCRIPTION: This report examines past and current events affecting AIS security on a national level. AUTHOR: Kovach, R.D., Bolczak, R., and Tompkins, F.G. TITLE: Model Set of Security Requirements for Procuring and implementing Transaction Processing Systems ORGANIZATION: National Technical Information Service REPORT NO.: PB86-119989/LP PUBLICATION DATE: January 1985 CATEGORY: General Security COST: $13.95 DESCRIPTION: This document helps establish a security baseline for obtaining data processing services from a contractor. AUTHOR: McLoughlin, Glenn J. TITLE: Computer Crime and Security ORGANIZATION: Congressional Research Services, U.S. Congress REPORT NO.: Order Code IB85155 PUBLICATION DATE: April 10, 1987 CATEGORY: General Security COST: Free DESCRIPTION: This report examines the topics of threat of entering systems and damaging or stealing data, the role of the federal government in defining "computer crime" and "authorized access", and whether federal protection should be extended into both the private and federal sectors. AUTHOR: McLoughlin, Glenn J. TITLE: Computer Security Issues: The Computer Security Act of 1987 ORGANIZATION: Congressional Research Service, U.S. Congress REPORT NO.: Order Code IB87164 PUBLICATION DATE: February 9, 1988 CATEGORY: General Security COST: Free DESCRIPTION: This report discusses the current federal role in computer security and the computer security act of 1987. AUTHOR: Popek, G.J. TITLE: Secure Reliable Processing Systems ORGANIZATION: National Technical Information Service REPORT NO.: AD-A140 150/4 PUBLICATION DATE: February 21, 1984 CATEGORY: General Security COST: $18.95 DESCRIPTION: This report, technical in nature, examines research done at UCLA that focused on computer security and distributed computer systems including networks, operating systems, and data management. AUTHOR: Story, Frank TITLE: ADP Security: Executive Training ORGANIZATION: Kaiser Engineers Hanford Contact: Frank Story, IS Manager REPORT NO.: PUBLICATION DATE: 1987 CATEGORY: General Security COST: DESCRIPTION: This is a copy of material distributed at the May 1987 Computer Security Conference in Albuquerque, NM. Includes reasons for computer crime, the computer criminal profile, and computer security emphasis items. LAW AND ETHICS AUTHOR: Bailey, D. TITLE: Attacks on Computers: Congressional Hearings and Pending Legislation ORGANIZATION: National Technical Information Service REPORT NO.: DE84-007468 PUBLICATION DATE: April 30, 1984 CATEGORY: Law and Ethics COST: $6.50 DESCRIPTION: This report is a summary of the hearings of the 98th Congress, First Session that dealt with the introduction of six bills on computer security. Also summarized are computer crime bills that were pending. MICROCOMPUTER SECURITY AUTHOR: Steinauer, Dennis D. TITLE: Security of Personal Computer Systems: A Management Guide ORGANIZATION: National Institute of Standards and Technology REPORT NO.: 500-120. Order # SN 003-003-02627-0 PUBLICATION DATE: January 1985 CATEGORY: Microcomputer Security COST: $3.00 DESCRIPTION: This publication is intended for managers and users of small systems. Advice is given concerning the physical protection of a system as well as the protection of software and data. PRIVACY AUTHOR: Goldstein, Robert and Seward, Henry TITLE: A Computer Model to Determine Low Cost Techniques to Comply with the Privacy Act of 1974 ORGANIZATION: National Institute of Standards and Technology/National Technical Information Service REPORT NO.: 76-985 Order # PB 250755 PUBLICATION DATE: February 1976 CATEGORY: Privacy COST: $10.00 DESCRIPTION: This report gives a computer model that simulates the cost of implementing the Privacy Act using alternative approaches for applying safeguards. The computer model can be changed to show varying circumstances. AUTHOR: Moore, Gwendolyn, Kuhns, John, Treffzs, Jeffrey and Montgomery, Christine TITLE: Accessing Individual Records from Personal Data Files Using Nonunique Identifiers ORGANIZATION: U.S. Department of Commerce / National Technical Information Service REPORT NO.: 500-2, Order # PB 263176 PUBLICATION DATE: February 1977 CATEGORY: Privacy COST: $19.00 DESCRIPTION: This report analyzes ways for retrieving personal information using identifiers such as name, address, etc. Shows the accuracy of various methods. RISK MANAGEMENT AUTHOR: Baker, A.L. TITLE: Application of Risk Assessment ORGANIZATION: U.S. Department of Energy/ National Technical Information Service REPORT NO.: DE83-001983 PUBLICATION DATE: 1982 CATEGORY: Risk Management COST: $9.95 DESCRIPTION: This report describes the results of the program that was initiated to provide tools to DOE facilities for use in complying with guidelines concerning risk assessment. AUTHOR: Corynen, G.C. TITLE: Methodology for Assessing the Security Risks Associated with Computer Sites and Networks ORGANIZATION: National Technical Information Service REPORT NO.: DE82-019806 PUBLICATION DATE: June 23, 1982 CATEGORY: Risk Management COST: $13.95 DESCRIPTION: This report presents a methodology that managers can use to assess the security risks of a computer complex by emphasizing the need for determination of harms to a system. AUTHOR: Neugent, William, Gilligan, John, Hoffman, Lance and Ruthberg, Zella G. TITLE: Technology Assessment: Methods for Measuring the Level of Computer Security ORGANIZATION: U.S. Department of Commerce/National Institute of Standards and Technology REPORT NO.: 500-133 Order # SN 003-003-02686-7 PUBLICATION DATE: October 10, 1985 CATEGORY: Risk Management COST: $8.00 DESCRIPTION: This technology assessment provides an evaluation of methods for measuring the level of computer security in computer applications, systems, and installations. AUTHOR: Smith, S.T. and Lim, J.J. TITLE: Framework for Generating Expert Systems to Perform Computer Security Risk Analysis ORGANIZATION: U.S. Department of Energy/National Technical Information Service REPORT NO.: DE85-01434/XAB PUBLICATION DATE: 1985 CATEGORY: Risk Management COST: $9.95 DESCRIPTION: This report discusses physical and electronic security. It looks at natural hazards, direct human actions, and indirect human actions such as breach of security from an unauthorized person. SECURITY MANAGEMENT AUTHOR: Helling, William D. TITLE: Computer Security for the Computer Systems Manager ORGANIZATION: National Technical Information Service REPORT NO.: AD-A126 768/1 PUBLICATION DATE: December 1982 CATEGORY: Security Management COST: $13.95 DESCRIPTION: This report discusses basic concepts of computer security and risk analysis for the computer systems managers. Countermeasures against computer problems are also presented. AUTHOR: McCann, S. Anthony & Kusserow, Richard P. Co-Project Managers TITLE: Model Framework For Management Control Over Automated Information Systems ORGANIZATION: President's Council on Management Improvement and the President's Council on Integrity and Efficiency PUBLICATION DATE: August 1987 CATEGORY: Security Management COST: Free DESCRIPTION: This report synthesizes for managers the multitude of directives which contain over- lapping and sometimes confusing guidance on how to protect automated information system operations. SOFTWARE AND OPERATING SYSTEM SECURITY AUTHOR: Gosler, J.R. TITLE: Software Protection: Myth or Reality ORGANIZATION: U.S. Department of Energy/ National Technical Information Service REPORT NO.: DE86-003719/XAB PUBLICATION DATE: November 1, 1985 CATEGORY: Software and Operating System Security COST: $9.95 DESCRIPTION: This paper looks at the advantages and disadvantages of various technologies employed in protection schemes for software. AUTHOR: Landwehr, Carl E. TITLE: Best available Technologies (BAT) for Computer Security ORGANIZATION: Naval Research Laboratory/ National Technical Information Service REPORT NO.: AD-A109 189/1 PUBLICATION DATE: December 21, 1981 CATEGORY: Software and Operating System Security COST: $11.95 DESCRIPTION: This report is aimed at the developer of secure software computer systems and makes suggestions about the design of these systems. Summarized are several specific techniques and applications. AUTHOR: Linden, Theodore TITLE: Operating Systems Structures to Support Security and Reliable Software ORGANIZATION: National Institute of Standards and Technology/National Technical Information Service REPORT NO.: Tech, Note 919, Order # PB 257421 PUBLICATION DATE: August 1976 CATEGORY: Software and Operating System Security COST: $10.00 DESCRIPTION: This report looks at two system structuring techniques that will help in developing a secure computer system. AUTHOR: Rushby, J.M. and Randell, B. TITLE: Distributed Secure System ORGANIZATION: National Technical Information Service REPORT NO.: PB84-141126 PUBLICATION DATE: 1982 CATEGORY: Software and Operating System Security COST: $13.50 DESCRIPTION: This report, in tutorial detail, talks about the design of a distributed computing UNIX system that helps impose a multilevel security policy. AUTHORS NOT SPECIFIED ABUSE/MISUSE/CRIME AUTHOR: Not Specified TITLE: Federal Information Systems Remain Highly Vulnerable to Fraudulent, Wasteful, Abusive, and Illegal Practices ORGANIZATION: U.S. General Accounting Office, REPORT NO.: MASAD-82-18 PUBLICATION DATE: April 21, 1982 CATEGORY: Abuse/Misuse/Crime COST: Free (if less than 5 ordered) DESCRIPTION: This report concludes the inadequate protection over computers and networks leave systems vulnerable to fraudulent, wasteful, and and illegal purposes. ACCESS CONTROL AUTHOR: Not Specified TITLE: Defending Secrets, Sharing Data, New Locks and Keys for Electronic Informatiom ORGANIZATION: Office of Technology Assessments, U.S. Congress REPORT NO.: PUBLICATION DATE: 1987 CATEGORY: Access Control COST: $8.50 DESCRIPTION: Examines the vulnerability of communications and computer systems and the trends in technology for safeguarding information in these systems. AUDIT AND EVALUATION AUTHOR: Not Specified TITLE: Federal Agencies Still Need To Develop Greater Computer Audit Capabilities ORGANIZATION: U.S. General Accounting Office REPORT NO.: AFMD-82-7 PUBLICATION DATE: October 16, 1981 CATEGORY: Audit and Evaluation COST: Free (if less than 5 ordered) DESCRIPTION: This report focuses on the progress by both the Federal Inspector General and internal audit organizations in reaching their computer audit requirements. Included are recommendations for identifying and meeting the necessary auditing needs. AUTHOR: Not Specified TITLE: Flaws in Controls Over The Supplemental Security Income Computerized System Causes Millions in Erroneous Payments ORGANIZATION: U.S. General Accounting Office, P.O. Box 6015 Gaithersburg, MD 20877 (202) 275-6241 REPORT NO.: HRD-79-104 PUBLICATION DATE: August 9, 1979 CATEGORY: Audit and Evaluation COST: Free (if less than 5 ordered) DESCRIPTION: This report describes how federal automated information systems with inadequate security controls are vulnerable to mission impairments. AUTHOR: Not Specified TITLE: Information Systems: Agencies Overlook Security Controls During Development ORGANIZATION: U.S. General Accounting Office, P.O. Box 6015 Gaithersburg, MD 20877 (202) 275-6241 REPORT NO.: GAO/IMTEC-88-11 PUBLICATION DATE: May 31, 1988 CATEGORY: Audit and Evaluation COST: Free (if less than 5 ordered) DESCRIPTION: This report shows some agencies who were not meeting federal criteria and good system development practices for providing reasonable assurance that appropriate security controls were incorporated into their automated information systems. AUTHOR: Not Specified TITLE: Information Systems: Security in Federal Civilian Agencies ORGANIZATION: U.S. General Accounting Office, U.S. Congress REPORT NO.: GAO/T-IMTEC-87-7 PUBLICATION DATE: May 19, 1987 CATEGORY: Audit and Evaluation COST: Free (if less than 5 ordered) DESCRIPTION: This report provides a review of the practices used by federal civilian agencies in identifying and incorporating appropriate security controls in automated information systems. AUTHOR: Not Specified TITLE: Weak Financial Controls Make The Community Services Administration Vulnerable to Fraud and Abuse ORGANIZATION: U.S. General Accounting Office, P.O. Box 6015 Gaithersburg, MD 20877 (202) 275-6241 REPORT NO.: FGMSD-80-73 PUBLICATION DATE: August 22, 1980 CATEGORY: Audit and Evaluation COST: Free (if less than 5 ordered) DESCRIPTION: This report shows how computer security weaknesses in the Community Services Administration exceedingly vulnerable to fraud and abuse. GENERAL SECURITY AUTHOR: Not Specified TITLE: ADP and Telecommunications ORGANIZATION: General Services Administration/ Government Services Administration REPORT NO.: GSA Bulletin FPMR F-148 PUBLICATION DATE: January 10, 1983 CATEGORY: General Security COST: DESCRIPTION: Computer security publications that have been used in developing ADP security management programs are listed in this bulletin. AUTHOR: Not Specified TITLE: Center for Computer Security: Computer Security Group Conference ORGANIZATION: National Technical Information Service REPORT NO.: DE84-012992 PUBLICATION DATE: June 1982 CATEGORY: General Security COST: $11.95 DESCRIPTION: This report comes from a conference on computer security and covers various security issues including security management, certification, risk analysis, contingency planning, and other related topics. AUTHOR: Not Specified TITLE: Computer Security Models ORGANIZATION: National Technical Information Service REPORT NO.: ADA 166 920/LP PUBLICATION DATE: September 1984 CATEGORY: General Security COST: $13.95 DESCRIPTION: This report provides a basis for evaluating security models as they relate to secure computer system development. Included is a summary of existing models plus some general considerations when designing and using security models. AUTHOR: Not Specified TITLE: Glossary for Computer Systems Security ORGANIZATION: U.S. Department of Commerce / National Technical Information Service REPORT NO.: FIPS PUB 39 PUBLICATION DATE: February 1984 CATEGORY: General Security COST: $7.00 DESCRIPTION: This glossary contains approximately 170 computer security terms and definitions. AUTHOR: Not Specified TITLE: Security of Automated Information Systems ORGANIZATION: U.S. Nuclear Regulatory Commission REPORT NO.: NRC Appendix 2301, Part II PUBLICATION DATE: July 25, 1985 CATEGORY: General Security COST: $3.20 DESCRIPTION: This report applies to NRC or NRC contractors that have computer centers, personal computers, or sensitive application systems that process unclassified sensitive data. AUTHOR: Not Specified TITLE: Trusted Computer Systems - Glossary ORGANIZATION: National Technical Information Service REPORT NO.: ADA 108 829/LP PUBLICATION DATE: March 1981 CATEGORY: General Security COST: $9.95 DESCRIPTION: This glossary emphasizes terms that relate to the formal specification and verification of trusted computer systems. MICROCOMPUTER SECURITY AUTHOR: Not Specified TITLE: PC Security Considerations ORGANIZATION: Government Printing Office, Contact: Superintendent of Documents REPORT NO.: GPO Stock # 008-000-00439-1 PUBLICATION DATE: 1985 CATEGORY: Microcomputer Security COST: $1.00 DESCRIPTION: This report provides a general discussion of a number of issues that are pertinent to microcomputer security in the home and business environment. PHYSICAL SECURITY AND HARDWARE AUTHOR: Not Specified TITLE: Computer Surety - Computer System Inspection Guidance ORGANIZATION: Lawrence Livermore National Laboratory/U.S. Nuclear Regulatory Commission REPORT NO.: NUREG/CR-2288 PUBLICATION DATE: March 1983 CATEGORY: Physical Security and Hardware COST: $10.00 DESCRIPTION: Details inspection methods for the Physical Protection Project by the U.S. NRC from the perspective of the physical protection inspectors. Includes glossary of computer terms along with threats and computer vulnerabilities. RISK MANAGEMENT AUTHOR: Not Specified TITLE: Technical Risk Assessment - The Status of Current DOD Efforts ORGANIZATION: U.S. General Accounting Office REPORT NO.: PEMD-86-5 PUBLICATION DATE: April 3, 1986 CATEGORY: Risk Management COST: Free (if less than 5 ordered) DESCRIPTION: This report offers six recommendations concerning basic risk assessment concepts, policies, and procedures for the Department of Defense. SECURITY MANAGEMENT AUTHOR: Not Specified TITLE: Government-Wide Guidelines and Management Assistance Center Needed to Improve ADP Systems Development ORGANIZATION: U.S. General Accounting Office REPORT NO.: AFMD-81-20 PUBLICATION DATE: February 20, 1981 CATEGORY: Security Management COST: Free (if less than 5 ordered) DESCRIPTION: This document suggest a framework of procedures for managing systems development and reiterates the need for a management assistance center for computer software and systems development. AUTHOR: Not Specified TITLE: Management, Security, and Congressional Oversight ORGANIZATION: Government Printing Office Contact: Superintendent of Documents REPORT NO.: OTA-CIT-297 PUBLICATION DATE: February 1986 CATEGORY: Security Management COST: Free (if less than 5 ordered) DESCRIPTION: This report is a review of 142 agency components finding similar weaknesses in information security controls and management practices made by the 1986 Office of Technology Assessment. AUTHOR: Not Specified TITLE: Solving Social Security's Computer Problems: Comprehensive Corrective Action Plan & Better Management Needed ORGANIZATION: U.S. General Accounting Office, U.S. Congress REPORT NO.: HRD-82-19 PUBLICATION DATE: December 10, 1981 CATEGORY: Security Management COST: Free (if less than 5 ordered) DESCRIPTION: This report informs how flaws in controls in systems used by the Social Security Administration caused millions of dollars in erroneous payments. SOFTWARE AND OPERATING SYSTEM SECURITY AUTHOR: Not Specified TITLE: An Approach to Determining Computer Security Requirements for Navy Systems ORGANIZATION: Naval Research Laboratory / Defense Technical Information Center REPORT NO.: ADA 155750 PUBLICATION DATE: CATEGORY: Software and Operating System Security COST: $5.00 DESCRIPTION: This report shows how to meet a particular requirement level as defined in the DOD trusted computer evaluation criteria by proposing a technique for mapping a specific system architecture and application environment.