using Windows networking directly. These options
disaster recovery SOPs will prevent many potential
should be viewed as the only ones currently viable,
problems later.
except to access legacy data, until such time as the
For more information regarding system security
data can be transferred to a more current, standard
and SOPs consult the USACE Internet Center of
system. Network File System was looked at by some
Expertise's (ICE) Guidance on System Security
sites but was found to be slower and less reliable than
http://www.usace.army.mil/ice/.
the others.
System security
CONCLUSIONS
Problem: System security standard operating
procedures
1. The GD&S paradigm for the future includes
intensive Information Management participation and
Description
The most serious detriment at all sites was a lack
mutual cooperation. This includes management-level
of standard system security plans. Most sites had no
IM as well as IM staff.
standard operating procedures (SOPs) in place in case
2. Information systems may be diverse on a local
of disaster, hacker penetration, or physical computer
level but should be connected using optimal high-
crash.
speed networking and should be made interoperable
using software solutions and through database stan-
dardization.
Solutions
Due to the variety of available operating systems,
3. Computer training should be an annual require-
threat potentials, and work environments, the defini-
ment for all GD&S staff. IM staff involved in GD&S
tion of SOPs is beyond the scope of this document,
should also be required to take GD&S training annu-
but there are several issues you should take into
ally also. This is necessary to keep USACE at the
account when designing your SOPs. Data backups
competitive edge needed in this environment where
as mentioned in the Storage section should be
technology that is two years old is outdated.
included in any formal system security plan. All systems
4. Metadata training should be a requirement for
on which data are stored or processed should have an
all current and all new GD&S staff and. Familiarity
official security accreditation per Army Regulations.
with the technology, as well as the Content Standard
concepts, will help make metadata a way of thinking
Problem: Passwords and network security
for all of USACE.
5. Types of media for a given task vary greatly, but
Description
The lack of robust passwords on multi-user com-
all must be reliably backed up to ensure continuity of
puters at most sites would make penetration by deter-
operations.
mined hackers relatively easy.
6. 100-Mb networking is the minimum for reli-
able, fast transfer of files and data. This should be the
standard implemented at all sites.
Solutions
Creation and distribution of passwords should be
7. Information system security is an increasingly
dealt with at the District or Division level by expe-
prominent part of today's network environment. All
rienced system administrators. According to current
sites should have a security manager and SOPs for
standards, passwords should contain a combination of
disaster and intrusion.
numbers and upper- and lowercase letters. Each Oper-
ating Activity should have a trained person who is
responsible for monitoring the health of computer sys-
LITERATURE CITED
tems as well as running intrusion detection software.
The Information Management Directorate, working
Federal Geographic Data Committee (1995) Devel-
closely with the data managers, best performs this
opment of a national geospatial data framework.
function.
FGDC, Washington, D.C.
The Corps of Engineers Automation Plan Net-
Frew, J., et al. (1996) The Alexandria Digital Library
work (CEAPNET) has instituted a network security
testbed. D-Lib Magazine, July/August.
architecture to help prevent intrusion by hackers and
Holh, P., Ed. (1998) GIS data conversion, strategies,
provide an added level of security. As with most
techniques and management. In Finding the Forest
security measures in the computer field, this archi-
for the Trees: The Challenge of Combining Diverse
tecture should not be viewed as the only precautions
Environmental Data, Selected Case Studies. National
needed. Application of good security procedures and
Research Council.
15
Previous Page
