An Analysis of Computer Security Safeguards for Detecting and Preventing Intentional Computer Misuse

Ruder, Brian; Madden, J.; Blanc, Robert

doi:https://doi.org/10.6028/NBS.SP.500-25

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov. [12:20 pm ET - If you received "Page Not Found" errors recently, please retry accessing those files. File synchronization should now be complete.]

NBS SP 500-25

An Analysis of Computer Security Safeguards for Detecting and Preventing Intentional Computer Misuse

Documentation

Date Published: January 1978

Author(s)

Brian Ruder (SRI), J. Madden (SRI)

Editor(s)

Robert Blanc (NBS)

Abstract

Stanford Research Institute (SRI) has an extensive file of actual computer misuse cases. The National Bureau of Standards asked SRI to use these cases as a foundation to develop ranked lists of computer safeguards that would have prevented or detected the recorded intentional misuses. This report provides a working definition of intentional computer misuse, a construction of a vulnerability taxonomy of intentional computer misuse, a list of 88 computer safeguards, and a model for classifying the safeguards. In addition, there are lists ranking prevention and detection safeguards, with an explanation of the method of approach used to arrive at the lists. The report should provide the computer security specialist with sufficient information to start or enhance a computer safeguard program.

Keywords

computer security; computer misuse; computer safeguards; computer security model; computer crime; computer fraud; privacy

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NBS.SP.500-25
Download URL

Supplemental Material:
None available

Document History:
01/01/78: SP 500-25 (Final)