Every AIS facility's technical manager and upper management should establish strict controls and procedures over individuals authorized to access the personal data files. If everyone at the facility needs authority to access personal data files, the security measures should adequately control system access. If there are persons working on the system whose access should be limited, the following risks should be considered:
Open system access. This means there may be no control over who can either use the AIS or enter the computer room.
Theft of data. Personal data may be stolen from the computer room or other places where it is stored.
Unprotected files. Personal data files may not be protected from unauthorized access by other users of the AIS. This applies to online files and also to offline files, such as files on magnetic tapes. The offline files are sometimes accessible simply by requesting that a tape be mounted.
Dial-in access. There is serious danger that unauthorized persons can access the system when remote, dial-in access is allowed.
Open access during abnormal circumstances. Personal data that is adequately protected during normal operations may not be adequately protected under abnormal circumstances. Abnormal circumstances include power failures, bomb threats, and natural disasters, such as fire or flood.
The physical destruction or disabling of the AIS is not normally a primary risk to privacy. However, all computer systems presently in use are vulnerable to deliberate penetrations that can bypass security controls. These types of security penetrations require extensive technical knowledge. At present, the Navy has experienced very few of these deliberate penetrations. Commands designing large computer networks should consider the following risks early in the planning stage:
Misidentified access. Passwords are often used to control access to a computer or to data, but they are notoriously easy to obtain if their use is not carefully controlled. Furthermore, a person may use an already logged-in terminal, which the authorized user has left unattended, or may capture a communications port as an authorized user attempts to disconnect from it.
Operating system flaws. Design and implementation errors in operating systems allow a user to gain control of the system. Once the user is in control, the auditing controls can be disabled, the audit trails erased, and any information on the system accessed.
Subverting programs. Programs containing hidden subprograms that disable security protections can be submitted. Other programs can copy personal files into existing or misidentified files to use when protection is relaxed.
Spoofing. Actions can be taken to mislead system personnel or the system software into performing an operation that appears normal but actually results in unauthorized access.
Eavesdropping. Communications lines can be monitored by unauthorized terminals to obtain or modify information or to gain unauthorized access to an AIS.
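The risks above include an intruder erasing the audit trail and a person using another user's access to personal data files. The following Python is an added illustration, not part of this manual, of one mitigation for both: access to each personal data file is gated by an authorization list, and every attempt is written to a hash-chained audit trail, so a verifier can tell when records have been edited, removed, reordered or (given the last known hash) truncated. The file names, user names and authorization table are constructed for the example.

```python
import hashlib
import json

# Constructed sample policy: which users may open which personal data files
# (file and user names are hypothetical, not from the manual).
AUTHORIZED = {
    "perssum.dat": {"smith", "jones"},
    "payroll.dat": {"jones"},
}

GENESIS = "0" * 64  # chain anchor for the first audit record


def _digest(record):
    """Hash every field except the stored hash itself."""
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_audit(log, event):
    """Append an event whose hash also covers the previous record's hash,
    so removing or editing an earlier record breaks the chain."""
    prev = log[-1]["hash"] if log else GENESIS
    record = dict(event, seq=len(log), prev=prev)
    record["hash"] = _digest(record)
    log.append(record)
    return record


def access_personal_file(user, filename, log):
    """Grant access only to listed users; log every attempt, granted or not."""
    granted = user in AUTHORIZED.get(filename, set())
    append_audit(log, {"user": user, "file": filename, "granted": granted})
    return granted


def verify_audit(log, expected_head=None):
    """Return (ok, index of first bad record). Detects edited, removed or
    reordered records; with the last known hash it also detects truncation."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec.get("seq") != i or rec.get("prev") != prev or rec.get("hash") != _digest(rec):
            return False, i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None
```

Keeping the latest chain hash somewhere the system's users cannot write (a separate host or a printed log) is what makes truncation of the tail detectable.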
INFORMATION MANAGEMENT PRACTICES
Information management practices refer to the techniques and procedures used to control the many operations performed on information to accomplish the command's objectives. They do not extend to the essential managerial determination of the need for and uses of information in relation to any command's mission. In this context, information management includes data collection, validation, and transformation; information processing or handling; record keeping; information control, display, and presentation; and, finally, standardization of information management operations.
Before enacting new policies in personal data handling procedures, AIS technical managers should analyze current practices. To facilitate the explanation of their roles, the information management guidelines presented in the following material are grouped into major categories: handling of personal data, maintenance of records to trace the disposition of personal data, data processing practices, programming practices, assignment of responsibilities, and procedural inspecting. Not every practice presented will be required at every Navy AIS facility by upper management. Select only the suggested practices relevant to the designated command's environment and mission, or approved by upper management.