NAMA:FADLAN UMAR ROZIKIN

NIM:235150307111032
KELAS:TK -C

THE PROTECTION OF INFORMATION IN COMPUTER SYSTEMS

As computers become better,understood,and more economical, every day brings new

applications.Many of these new applications involve both storing information and simultaneous
use by several individuals.For those applications in which all users should not have identical
authority, some scheme is needed to ensure that the computer system implements the desired
authority structure.For example, in an airline seat reservation system, a reservation agent might
have authority to make reservations and to cancel reservations for people whose names he can
supply.A flight boarding agent might have the additional authority to print out the list of all
passengers who hold reservations on the flights for which he is responsible, The airline might
wish to with hold from the reservation agent the authority to print out a list of reservations.The
airline example is one of protection of corporate information for corporate self-protectionMany
other examples of systems requiring protection of information are encountered every day: credit
bureau data banks; law enforcement information systems; timesharing service bureaus; on-line
medical information systems; and government social service data processing systems.These
examples span a wide range of needs for organizational and personal privacy.All have in
common controlled sharing of information among multiple users.Therefore, all planning is
required to ensure that the computer system implements the correct permission structure.Of
course, depending on your application, your computer system may not require any special
precautions. For example, an externally administered code of ethics or a lack of computer
literacy may adequately protect stored information.Although there are situations in which it is
not necessary for computers to provide tools to ensure information protection, in many cases it is
appropriate to have computers enforce the necessary permission structures. This article explains
how to protect all the information on your computer.

“The term “security” describes techniques that control who may use or modify the computer or
the information contained in it”. Security specialists (e.g., Anderson [ 61 ) have found it useful to
place potential security violations in three categories:

First Unauthorized information release: an unauthorized person is able to read and take
advantage of information stored in the computer. This category of concern sometimes extends to
“traffic analysis,” in which the intruder observes only the patterns of information use and from
those patterns can infer some information content. It also includes unauthorized use of a
proprietary program. Second Unauthorized information modification: an unauthorized person is
able to make changes in stored information-a form of sabotage. Note that this kind of violation
does not require that the intruder see the information he has changed.Third Unauthorized denial
of use: an intruder can prevent an authorized user from referring to or modifying information,
even though the intruder may not be able to refer to or modify the information.
 Causing a system “crash,” disrupting a scheduling algorithm, or firing a bullet into a computer
are examples of denial of use. This is another form of sabotage. The term “unauthorized” in the
three categories listed above means that release, modification, or denial of use occurs contrary to
the desire of the person who controls the information, possibly even contrary to the constraints
supposedly enforced by the system. The biggest complication in a general-purpose remote
accessed computer system is that the “intruder” in these definitions may be an otherwise
legitimate user of the computer system. Examples of security techniques sometimes applied to
computer systems are the following:

The First Tips is Labeling files with lists of authorized users: involves associating specific files
or data with a list of individuals who are authorized to access or modify them. It helps in
controlling and monitoring access to sensitive information.
The Second Tips is Verifying the identity of a prospective user by demanding a password:Entails
authenticating a user's identity through the use of a password before granting access.
The Third Tips is Shielding the computer to prevent interception and sub sequent interpretation
of electromagnetic radiation:could mean protecting the computer system from interception or
subversion attempts. involve implementing security measures such as firewalls, intrusion
detection systems, and encryption to safeguard against unauthorized access or attacks.
The Fourth Tips Enciphering information sent over telephone lines:Encrypting information
transmitted over telephone lines ensures that the data is secure and cannot be easily intercepted
or understood by unauthorized parties. This is particularly important for sensitive
communications to maintain confidentiality.
The five tips is Locking room containing the computer:Locking the room containing a computer
system helps prevent unauthorized physical access. This is an essential measure to protect
against tampering or theft of hardware.
The six tips is Controlling who is allowed to make changes to the computer system (both its
hardware and software):Restricting access to individuals authorized to make changes helps
ensure the integrity of the system. Unauthorized modifications, whether to hardware or software,
can pose significant security risks.
The seven tips is Using redundant circuits or programmed cross-checks that maintain security in
the face of hardware or software failures: Implements redundancy and cross-check mechanisms
to ensure system security, especially during hardware or software failures.
The eight tips is Certifying that the hardware and software are actually implemented as intended:
Certifying that the hardware and software are actually implemented as intended is an important
step to ensure that the system operates securely and as designed.

As an conclusion, it can be stated that ensuring data security in computer systems is very
important. The term "security" encompasses a number of access and modification control
techniques and classifies potential security breaches into unauthorized disclosure, modification,
and denial of access. Implementation of security measures is critical to protect data and maintain
the desired authority in a computer system.
References:

[ 1] A. Westin, Privacy and Freedom. New York: Atheneum, 1967. (IA1, SFR)

[2] A,Miller The Assault of Privacy. Ann Arbor, Mich.: Univ. of Mich. Press, 1971 ; also New
York: Signet, 1972, Paperback (I-Al, SFR) W4934. (EA1, SFR).

[ 3] Dept. of -Health, Education, and Welfare, Records, Computers, and the Rights of
citizens. Cambridge, Mass.: M.I.T. Press, 1973.(IA, SFR)

[4] R. Turn and W. Ware, “privacy and security in computer systems,” Am-. Scienrin, vot 63,
pp. 196-203, Mar.-Apr. 1975 (I-A1).

[5][SI W. Ware. “Security and privacy in computer systems,” in 1967 SJCC, AFIPS Cons
hoc., vol. 30, pp. 287-290. (I-A1)

[6] J. Anderson, “Information security in a multi-user computer environment,” in Advances

in Computers, vol. 12. New York: Academic Press, 1973, pp. 1-35. (I-A1, SFR)