Because no computer is 100% secure, a computer facility is only as secure as the people who use it. The limitations of an administrator are directly related to the actions of all individuals involved with the use of computer equipment and its facilities. Although most actions that violate security are easily resolved by careful users or additional equipment, the following list gives examples of problems that can occur:
Users give passwords to other individuals who should not have access to the computer system.
Users write down passwords and lose or leave the passwords in nonsecure locations.
Users set their passwords to easily guessed words or names.
Users learn passwords by watching other users when they enter a password.
Unauthorized users remove, replace, or physically tamper with hardware.
Users leave their workstations or terminals unattended without locking the screen.
Users change the permissions on a file to allow other users to read the file.
Users change the labels on a file to allow other users to read the file.
Users discard sensitive hardcopy documents without shredding them or leave sensitive hardcopy documents in insecure locations.
Users leave access doors unlocked.
Users lose their keys.
Users do not lock up removable storage media.
Computer screens are visible through exterior windows.
Network cables are tapped.
Electronic eavesdropping captures signals emitted from computer equipment.
Power outages, surges, and spikes destroy data.
Earthquakes, floods, tornadoes, hurricanes, and lightning destroy data.
External electromagnetic radiation interference such as sun-spot activity scrambles files.