Preventing internal computer abuse.

Abstract

American businesses lose millions of dollars every year through computer crime perpetrated by company employees. Most of these losses are the direct result of inadequate corporate security programs. They could be eliminated fairly easily if organizations would employ common sense and relatively inexpensive remedial actions that range from the mostly broad- based and non-technical efforts of top management to the very specific and technical measures inherent to lower management levels. This paper deals specifically with the steps that should be taken at the top manage- ment level. It proposes that top management must first develop a better understanding of the nature of the criminal threat and effect an ethical business environment that will detect/deter/prevent abusive inclinations. Top management must then ensure that a sound overall security program is in place as a framework within which specialized security controls can and must function. Finally, top management must initiate specific security controls and ensure that subordinate levels of managers follow suit.