|
|
|
|
|
|
|
|
|
|
|
|
Computers and the information they contain are generally considered confidential systems and their use is typically restricted to a limited number of users. The confidentiality of information can be violated by observing another user’s computer screen, tricking authorized users into revealing confidential information, wiretapping, hacking or attacking system security, and stealing computers or information. Consequently, techniques have been developed to protect computers and computer systems from accidental or intentional harm, including destruction of computer hardware and software, physical loss of data, deception of computer users, and the deliberate invasion of databases by unauthorized personnel. The most basic defense is the use of an access code. This is a unique combination of characters, usually letters and/or numbers, used as identification for gaining access to a computer system. On a network, the access code is often referred to as "user name," "user ID," or "password." Sometimes both an access code and a password are required to enter a system. Because of the increased use of computer databases and the need to control access to them, CALEA developed a specific standard in the 4th Edition Standards Manual. Standard 82.1.6 "A written directive requires an annual audit of the central records computing system for verification of all passwords, access codes, or access violations." As noted in the Commentary, regular reviews of assigned passwords and/or access codes, as well as investigation of access violations, are ways of insuring the integrity of the computer system and the security of records. CALEA staff recognizes that some agencies may delegate this function to another agency or bureau, but the original agency remains responsible for compliance verification of this standard.
|
|
|
