Unit 1 Protecting your Computer System

Date: 2015-10-07; view: 392.

Tapescripts

computer consultant: This morning I would like to find out what your company requires in terms of protection for your computer system. After you've outlined what you need, then we can discuss the actual details.

data processing manager: Well, as you know, we're a medium-sized manufacturing company. We haven't got a computer room; the main processing equipment is housed in the general office. We've got 10 terminals around the building. Four of these are used by keyboard operators to input information, and the others are used to provide information to senior staff.

computer consultant: So you haven't got a specially designed computer room?

DATA PROCESSING MANAGER: No.

computer consultant: Well, of course it's more difficult to totally protect your system in that case.

data processing manager: Yes, 1 understand. However, our main need is that the system must only allow authorized access. Unfortunately in our case I don't think that it will be feasible for us to provide physical isolation. We just can't provide a separate room for the hardware. But in my opinion, we needn't provide total protection for hardware and software.

I see the solution as follows: The system must tell us if someone — an unauthorized person for example — tries to get into the system. In this way we can protect the hardware in an open environment.

computer consultant: I see, yes. I follow your logic, and I think we can design a control system to suit your specifications. But 1 need to know more about control of access.

data processing manager: Yes, certainly. We can specify the type of access allowed to different categories of users. Firstly, the company employees don't all need to have access to the system. And secondly, some staff don't need to use all the facilities of the system.The system must only allow users to gain access via a unique identification code. And the type of identification code will enable the user to view different types of information. The system, for example, must allow managers to call up data relevant to their needs: but it may not give them access to data intended for different categories of personnel.

Now . . the next feature of the system is that it must control the level of access via passwords. What this means is that the system must control the type of operations which different categories of personnel may carry out on the data. Managers must be able to view, enter and amend data; operators, on the other hand, must not be able to make any changes to data — they may only make new entries. Now, in order to avoid accidental or intentional loss of data, only specially authorized personnel may delete data files.