Developing legal risks in multimedia

Embed Size (px)

Text of Developing legal risks in multimedia

  • COMPSEC 95 Paper Abstracts

    information. In the face ofincreasing insider trading and industrial espionage, this paper describes how business can exploit, in open systems products, technology previously available only to spooks.

    Title: Client Server - Promises, Problems and Solutions

    Author: P.J. Corum, The Corum Group

    STREAM 2: Comms Security

    Title: Dial Thru Fraud the Ramifications for a Business

    Author: Tom Mulhall, BT

    Title: X.400 Security: Current and Future Usage Author: John Hughes, Bull Information Systems

    The ITU/CCITT X.400 standard detines a very rich set of securitv functions. What the standard does not define is what should be implemented for a given environment and how should it be implemented. Func- tional Profiles are being developed that go some way to resolving this problem. This paper gives an overview of the security features of X.400 and describes the dif- ference between the end to end and peer to peer strategies for implementing security. It will also describe the US defined Message Security Protocol (MSP) tech- nique of encapsulating the original X.400 contents into a new enciphered contents. The MSP approach is gain- ing favour in a number of countries.

    This type of fraud is of particular interest in todays communication lead world. Particularly, as the Hacker of old appears to have migrated in the direction of PBX/Switch manipulation. The object being to obtain free voice/data services. Unfortunately, there is no such thing as a free telephone call! This session will cover:

    l Explanation of Dial Thru Fraud.

    l How fraudsters obtain the relevant information.

    @The effects such a fraud can have on a business.

    l Security measures a business should consider.

    Title: Wireless Network Security Author: Charles Cresson Wood, Information Integrity


    Before your organization implements wireless such as wireless LANs, paging systems, cellular mobile data, personal digital assistants with wireless capabilities, spe- cialized mobile radio, wireless packet networks and satellite networks, it should consider the special security problems these new technologies present. These include ease of intercepting transmitted information (including passwords), the ability to readily spoof a remote device, and the denial of service due to electro-magnetic inter- ference. This presentation will discuss the special risks of these new technologies, how you can prevent and mitigate these risks, the most important wireless net- work control measures, and the functional characteristics of current market offerings. No back- ground in the technical aspects of wireless networking is assumed.

    Title: The Impact of ATM on Security in the Data Network

    Author: Lesley Hanson, Cabletron Systems

    This paper reviews the more recent developments in the ATM Forum relative to designing data networks for security. The impact of Policy Management, and its relationship to distributed management and control of the proposed ATM based Virtual Networks, as debated in the emerging MPOA standard are discussed and practical implementation and design consideration- s considered.

    Title: Physical Layer Network Security: What your LAN can do for you

    Author: David Banes, 3-COM

    STREAM 3 (a.m.): Multimedia

    Title: CD-ROM Security Issues Author: Peter Newman, C-Dilla

    Title: Developing Legal Risks in Multimedia Author: Alistair Kelman

    The development of multimedia products is always slowed and often stopped by the need to get copyright clearance from each of the contributors to the work. Differences in national laws on copyright and authors rights seriously hinder the development of the new


  • Computers & Security, Vol. 14, No. 5

    multimedia industries. This presentation will focus upon the problems and the emerging solutions that are being proposed within Europe.

    STREAM 3 (p.m.): Directors Briefing

    Title: Facing the Challenge of IT Security Author: Martin Smith, Kroll Associates

    Information is a vital business resource. Protection of that information, most apparent in the need for IT security, is a business issue, not a technical one. The solutions are, in the main, business solutions, not tech- nical ones. Responsibility for IT security rests with senior management. It must not be ignored, nor must it 1~ left in the hands of those who may not have the knowledge, authority, resource or motivation to address it satisfxtorily.

    Title: IT Security - An Implementation Strategy

    Author: Rod Parkin, Midland Bank

    Title: Business Continuity Planning Author: John Sherwood, Sherwood Associates

    Title: An International Perspective on IT Security

    Author: Judith Vince,Thc Rothschild Group

    The paper examines the legal aspects of information security and copyright laws, as well as security infra- structure, IT security policies, security catalysts, new challenges, trends in security threats and responses to todays requirements and tomorrows world.

    STREAM 4 (a.m.): Disaster Recovery

    Title: The Changing Rises Associated with Computer Systems as Reflected by Disaster Recovery Experience

    Author: Frank Taylor, Systems Technology Consultants

    Distributed computing in association with Interna- tional/European and de facto standardization has r.ldicall?, changed the risks associated with computing svstems. Based on more than eighty case histories inves- tjgatcd over 1 J ye.u-s this presentation will show that

    risks associated with hardware, system software and data losses are reducing rapidly, whilst losses associated with human behaviour, viruses and other forms ofmisuse arc coming into increasing focus.

    Title: Why Waste Money on Disaster Recovery Author: Andrew Hiles, Kingswell Partnership

    A disaster will never happen to me - so why spend money on pre\renting it? In any cast, 1 have insur- ance...... Yes, it is easy to waste money on disaster recovery. This session will demonstrate how to avoid throwing money at a problem that may never happen; how to justify spend in terms of day-to-day business benefit; how to get the best possible leverage from your investment in disaster recovery; how to turn disaster recovery into a corporate asset that can glvc real con- petitive edge.

    STREAM 4 (p.m.): IT Audit

    Title: Marketing Information Systems Audit Author: Alan Krull, Business and Professional


    Marketing starts with discovering what customers want. It is not huckstering; it is not selling what you have. Marketing allo\xps clients to buy into audit, so that prudent business practices and positive control become part of the job and an aid to the client.

    Threats and the use of power get compliance, but they dont get understanding of and commitment to good practice. You dont need cajoling, surveillance or threats to get you to lock your house or car. Can this kind of commitment be transferred to the business environ- ment!

    Topics and sub-topics: How to get the educated opinion and judgement of senior management, when they are &gnorant (not stupid) on the subject. Customer scrvicc: how people (and audit departments) arc incented to give bad service; whey you cannot measure aspects of good service; why the measuring procc>ss itself m,ly negatively impact the prrccption of service; telephone calls ti-om hell. User-friendly audits (not an oxymoron) and dumb rules. Pseudo-requirements - whatever happened to the Dutch East India Company? Title: Automated Audit - Tools & Techniques