Case Study 8: Safeguards
A government department rented space in a public building to provide easy
customer access to its services. Because of the limited space available to serve
clients, one computer terminal used by employees of the department was in an
open area.
On one occasion when one of two employees had gone on a break and the other
was busy with a client, a customer waiting for service saw this computer and,
thinking it was for customer use, typed in her name and address and saw her
entire file appear on screen. She was surprised that there were no security
safeguards, especially as it seemed that anyone who knew an address for any
individual could call up data on that person.
What do you think?
Which of the following security measures would be effective to prevent
inappropriate access to information via this computer?
| 1. |
There should have been a notice beside the computer saying it was for staff use only. |
|
| 2. |
Employees should have been instructed to log off the computer if they left the area. |
|
| 3. |
The department should never place an employee computer in an unrestricted area. |
|
| 4. |
Remaining employees should have been instructed to watch the unattended computer. |
|