Data security reference guide 1988 : Sophos Ltd, Haddenham, Aylesbury, Buckinghamshire HP17 8JD, UK;...



Data security reference guide 1988 : Sophos Ltd, Haddenham, Aylesbury, Buckinghamshire HP17 8JD, UK; tel: 0844-292392. £20.00

Vol. 10, No. 6, Page 18

copyright and confidentiality, particularly with reference to the Data Protection Act, the reader should not rely on this book alone - if he thinks he has a legal problem, he should seek legal advice.

That said, the book makes a very worthwhile addition to any business library.

Alistair Kelman, Barrister, London

Title: Data Security Reference Guide 1988

Publisher: Sophos Ltd, Haddenham, Aylesbury, Buckinghamshire HP17 8JD, UK; tel: 0844-292392.

Price: £20.00

If you are new to data security, or even if you are simply unsure of what some of the jargon means, this book will be of use to you. It contains an explanation of commonly-used terms in data security, and an explanation of how such concepts are available in current products. Also included are lists of periodicals, recommended books, conferences on data security, ISO standards, ANSI standards, and the UK Data Protection Act. The book comprises 154 pages, including a very thorough five-page index. The list of periodicals is suitably ordered with Computer Fraud and Security Bulletin at the top!

There are separate chapters covering security strategy, encryption, authentication and secure erasure. The problems posed by Data Viruses, Trojan Horses and Logic Bombs are discussed at length, and advice is given on how to prevent such intruders having a disastrous effect on a computer system. This broadens out into a section devoted to answering commonly-occurring questions about data security, and a section offering advice on how to choose data security products.

I was particularly interested to see six separate case studies included. These provide a short explanation of a particular implementation of a data security technique. For example, one case study describes how an international bank used a public key communications security system to transfer daily reports from offices all over the world to its London headquarters. Public key cryptography was used to ensure that the transferred data was secure against disclosure.

Sophos (the publishers) are vendors of many security products, so it is inevitable that this volume refers to Sophos products for its examples. Indeed over half of the book is concerned with such explanation. This is not a major criticism, as it is inevitable that any author uses as examples the products he is most familiar with. No attempt has been made to disguise the book's origin. In fact, the index thoughtfully refers to products from Sophos in bold letters.

The Data Security Reference Guide deserves what it will no doubt get - a wide circulation. It is clearly written and explains data security concepts in terms that can be understood without technical expertise.

Keith Jackson

COMPUTER FRAUD & SECURITY BULLETIN

© 1988 Elsevier Science Publishers B.V., Amsterdam./88/$0.00 + 2.20

No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)