Assuring Data Security Integrity at Ford Motor Company

Abstract

Security auditing methods have not changed markedly from those first developed for the stand-alone computer environments of the 1960s. These methods were adequate for their time, but modern information system technology has made auditing computer security a much more imposing problem. There are numerous reasons for this. Personal computers have placed powerful tools for exploration and hacking onto everyone's desk. Networks have revolutionized the exchange of information, but they have also provided a direct path for hackers to attack and compromise critical computer assets. Even more threatening, employees and contractors can often readily gain unrestricted access to even the most sensitive information simply because standards for protection have not been designed or implemented. In this environment, bookkeeping-based auditing methods not only fall short, but can create a misleading impression that security is under control.