A study of computer security policies for the Indonesian Navy

Abstract

The Indonesian Navy recognized the need for a computer security program over ten years ago. They published their first computer security regulation in 1981. But that regulation is now obsolete because of the advances in technology and the increased availability of powerful computer systems. As computer systems become bigger, more complicated, easier to use, more interconnected, and more important, they become more vulnerable to hackers, terrorist, and disgruntled employees. This thesis demonstrates the need for an updated computer security regulation. To add in meeting that need, the thesis proposes a security program for the Indonesian Navy that is based on the multilevel trusted computer criteria published by the NCSC in the 'Orange Book', the Canadian Trusted Product Evaluation Criteria and ITSEC. The proposed program includes additional regulations concerning physical security, data security, integrity and availability, and recommended trusted evaluation guide