COMPSEC 95 Paper Abstracts
information. In the face of increasing insider trading and industrial espionage, this paper describes how business can exploit, in open systems products, technology previously available only to spooks.
Title: Client Server - Promises, Problems and Solutions
Author: P.J. Corum, The Corum Group
STREAM 2: Comms Security
Title: Dial Thru Fraud the Ramifications for a Business
Author: Tom Mulhall, BT
Title: X.400 Security: Current and Future Usage
Author: John Hughes, Bull Information Systems
The ITU/CCITT X.400 standard defines a very rich set of security functions. What the standard does not define is what should be implemented for a given environment and how it should be implemented. Functional Profiles are being developed that go some way to resolving this problem. This paper gives an overview of the security features of X.400 and describes the difference between the end to end and peer to peer strategies for implementing security. It will also describe the US defined Message Security Protocol (MSP) technique of encapsulating the original X.400 contents into a new enciphered contents. The MSP approach is gaining favour in a number of countries.
This type of fraud is of particular interest in today's communication-led world, particularly as the hacker of old appears to have migrated in the direction of PBX/Switch manipulation, the object being to obtain free voice/data services. Unfortunately, there is no such thing as a free telephone call! This session will cover:
• Explanation of Dial Thru Fraud.
• How fraudsters obtain the relevant information.
• The effects such a fraud can have on a business.
• Security measures a business should consider.
Title: Wireless Network Security
Author: Charles Cresson Wood, Information Integrity
Before your organization implements wireless technologies such as wireless LANs, paging systems, cellular mobile data, personal digital assistants with wireless capabilities, specialized mobile radio, wireless packet networks and satellite networks, it should consider the special security problems these new technologies present. These include ease of intercepting transmitted information (including passwords), the ability to readily spoof a remote device, and the denial of service due to electro-magnetic interference. This presentation will discuss the special risks of these new technologies, how you can prevent and mitigate these risks, the most important wireless network control measures, and the functional characteristics of current market offerings. No background in the technical aspects of wireless networking is assumed.
Title: The Impact of ATM on Security in the Data Network
Author: Lesley Hanson, Cabletron Systems
This paper reviews the more recent developments in the ATM Forum relative to designing data networks for security. The impact of Policy Management, and its relationship to distributed management and control of the proposed ATM-based Virtual Networks, as debated in the emerging MPOA standard, are discussed, and practical implementation and design considerations are considered.
Title: Physical Layer Network Security: What your LAN can do for you
Author: David Banes, 3-COM
STREAM 3 (a.m.): Multimedia
Title: CD-ROM Security Issues
Author: Peter Newman, C-Dilla
Title: Developing Legal Risks in Multimedia
Author: Alistair Kelman
The development of multimedia products is always slowed and often stopped by the need to get copyright clearance from each of the contributors to the work. Differences in national laws on copyright and authors' rights seriously hinder the development of the new multimedia industries. This presentation will focus upon the problems and the emerging solutions that are being proposed within Europe.
Computers & Security, Vol. 14, No. 5
STREAM 3 (p.m.): Directors Briefing
Title: Facing the Challenge of IT Security
Author: Martin Smith, Kroll Associates
Information is a vital business resource. Protection of that information, most apparent in the need for IT security, is a business issue, not a technical one. The solutions are, in the main, business solutions, not technical ones. Responsibility for IT security rests with senior management. It must not be ignored, nor must it be left in the hands of those who may not have the knowledge, authority, resource or motivation to address it satisfactorily.
Title: IT Security - An Implementation Strategy
Author: Rod Parkin, Midland Bank
Title: Business Continuity Planning
Author: John Sherwood, Sherwood Associates
Title: An International Perspective on IT Security
Author: Judith Vince, The Rothschild Group
The paper examines the legal aspects of information security and copyright laws, as well as security infrastructure, IT security policies, security catalysts, new challenges, trends in security threats and responses to today's requirements and tomorrow's world.
STREAM 4 (a.m.): Disaster Recovery
Title: The Changing Risks Associated with Computer Systems as Reflected by Disaster Recovery Experience
Author: Frank Taylor, Systems Technology Consultants
Distributed computing in association with International/European and de facto standardization has radically changed the risks associated with computing systems. Based on more than eighty case histories investigated over 1 J years this presentation will show that risks associated with hardware, system software and data losses are reducing rapidly, whilst losses associated with human behaviour, viruses and other forms of misuse are coming into increasing focus.
Title: Why Waste Money on Disaster Recovery
Author: Andrew Hiles, Kingswell Partnership
A disaster will never happen to me - so why spend money on preventing it? In any case, I have insurance... Yes, it is easy to waste money on disaster recovery. This session will demonstrate how to avoid throwing money at a problem that may never happen; how to justify spend in terms of day-to-day business benefit; how to get the best possible leverage from your investment in disaster recovery; how to turn disaster recovery into a corporate asset that can give real competitive edge.
STREAM 4 (p.m.): IT Audit
Title: Marketing Information Systems Audit
Author: Alan Krull, Business and Professional
Marketing starts with discovering what customers want. It is not huckstering; it is not selling what you have. Marketing allows clients to buy into audit, so that prudent business practices and positive control become part of the job and an aid to the client.
Threats and the use of power get compliance, but they don't get understanding of and commitment to good practice. You don't need cajoling, surveillance or threats to get you to lock your house or car. Can this kind of commitment be transferred to the business environment?
Topics and sub-topics: How to get the educated opinion and judgement of senior management, when they are ignorant (not stupid) on the subject. Customer service: how people (and audit departments) are incented to give bad service; why you cannot measure aspects of good service; why the measuring process itself may negatively impact the perception of service; telephone calls from hell. User-friendly audits (not an oxymoron) and dumb rules. Pseudo-requirements - whatever happened to the Dutch East India Company?
Title: Automated Audit - Tools & Techniques