Communications of the ACM
| Hi-index | 0.00 |
Recent articles and papers in the SIGSAC Review and at computer security conferences have discussed the need for top management directed computer security charters and programs. While a good first step, what is needed is both the security charters as well as an active centralized security organization with a substructure to support it. This paper describes the issues which led the Air Force to develop a centralized organization for Computer Security policy, Research and Development, and evaluation with the necessary supporting substructure. The issues are common to any large organization with multiple sites containing numerous and diverse systems either as part of industry or the federal government.