A survey-based examination of microcomputer security problems and techniques and the potential of the expert system as an answer
Security control of microcomputer systems is of increasing concern to organizations. The adequacy of microcomputer management policies and procedures must be individually determined for each organization. Various types of systems applications involve different levels of risk and need somewhat different kinds of controls. Some applications involve valuable assets, while others process information of little interest to others. The controls selected to minimize risk should match the potential exposure of each individual system. There are many ways to achieve a reasonable level of control. Methods range from relatively complex structures required for larger intricate systems to mere reliance on management supervision for smaller systems. This study addresses control methods to minimize microcomputer risks associated with technically unskilled users. A survey was conducted to determine the actual problems associated with this group of users. In addition, the study examines the potential of an expert system to be used as a management tool for identifying microcomputer security requirements and increasing user awareness. An expert system prototype was developed and demonstrated to several microcomputer managers. The results of the prototype review indicated that the expert system has a strong potential for resolving the problems of user awareness and identifying security requirements.