Torgeir Daler, Roar Gulbrandsen, Birger Melgard and Tornjorn Sjolstad : Ellis Horwood, Market Cross...
Computer Fraud & Security Bulletin September 1989
hardware, or requires a floppy disk to be present at all times. Under any circumstances. Neither should you.
Many vendors use an analogy between books and software packages in their licence agreements. A single copy of the software should only be in use at one place and at one time, just like a book. Many copies of the software can exist (for backup purposes), but cannot be in use simultaneously. Such schemes sound eminently fair to all concerned, and software developers will eventually come to terms with this. After all, how many book publishers do you know that print books on paper with faint ink that cannot be photocopied? Any publisher who suggested it would immediately find sales plummeting.
Legal remedies are available to help prevent distribution of software in a manner that contravenes the vendor’s licence agreement. Such remedies should be used in preference to the mirage offered by software copy protection, which only temporarily solves the problem of illegal copies, and does so at the user’s expense.
Keith Jackson
BOOK REVIEWS
SECURITY OF INFORMATION AND DATA
Authors: Torgeir Daler, Roar Gulbrandsen, Birger Melgard and Tornjorn Sjolstad.
ISBN: 0-7458-0575-2
Publisher: Ellis Horwood, Market Cross House, Cooper Street, Chichester, West Sussex PO19 1EB, UK.
Price: £19.95 (133 pages, hardback)
This book is translated from the original Norwegian, and the translator (unnamed) is to be congratulated, as I did not even notice the Norwegian origins of the book until I was some way into it. Many of the examples quoted refer to Norway and Sweden, but this does not detract from the book. Their computer security problems seem very similar to those encountered elsewhere in the world.
With only 133 pages covering the whole of computer security, no one subject is covered in great depth, and in places the book is hardly more than a series of checklists. Consequently much of the content is very diluted. Paradoxically, this does not contradict the stated aim of the book, which is to “survey some central areas within the field of information security”.
The book makes very dry reading. Nothing is particularly wrong with the content, it’s just presented in a very uninteresting manner. In short it’s boring.
A couple of snippets stand out from the rest of the book.
The section entitled “Physical characteristics” describes various research projects which aim to identify individual humans from one or more of fingerprints, voiceprints, hand geometry and signature verification. Also included in this list are “lip prints”. I find this an amazing concept. Imagine having to kiss a small box on the door before being allowed access to the computer room. Goodness only knows what sort of pictures would be attached to such a device. Somehow I doubt that this will prove socially acceptable.
The section on computer crime provides some fascinating statistics from the USA. Only 1 out of 100 cases of computer crime is detected, only 1 out of 8 is prosecuted, and only 1 out of 33 prosecuted computer crimes results in a prison sentence. Therefore the likelihood that a computer crime will result in a prison sentence is a 1 in 26 400 chance. The same source is quoted as placing the average value of a computer crime at US$400 000 versus US$5000 for an old-fashioned bank robbery. Unfortunately the source of this information is not named, but it illustrates concisely the reasons why people are attracted to computer crime.
This book is not really one to recommend. There are many other books covering the same ground which make far better reading.
Keith Jackson
EVENTS
CONCEPTS IN HARMONY: THE 35TH ASIS ANNUAL SEMINAR
September 11-14, 1989. Location: Nashville, Tennessee, USA. Contact: American Society for Industrial Security, 1655 N. Fort Myer Drive, Suite 1200, Arlington, VA 22209, USA; tel: 703 522 5800; fax: 703 243 4954.
THE NINTH ANNUAL CONFERENCE ON CONTROL, AUDIT AND SECURITY OF IBM SYSTEMS
September 18-21, 1989. Contact: Russell Bennett, MIS Training Institute, 498 Concord Street, Framingham, Massachusetts 01701, USA; tel: 508 879 7999; fax: 508 872 1153.
INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY
October 3-5, 1989. Location: Zurich, Switzerland. Contact: P. de Bruyne, ETH
Zentrum-KT, CH8092 Zurich, Switzerland; tel: +l 1 256 2792; fax: +l 1 262 0943.
THE 12TH NATIONAL COMPUTER SECURITY CONFERENCE
October 10-13, 1989. Location: Baltimore, USA. Contact: Irene E. Gilbert, National Computer Systems Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899, USA; tel: 301 975 3360.
THE SIXTH COMPSEC CONFERENCE AND EXHIBITION
October 11-13, 1989, held in conjunction with the EDP Auditors Association European Conference. Location: London, UK. Contact: Penny Moon, Elsevier Seminars, Mayfield House, 256 Banbury Road, Oxford OX2 7DH, UK; tel: +44 (0)865 51222; fax: +44 (0)865 310981.
THE 15TH ANNUAL COMPUTER SECURITY CONFERENCE OF THE COMPUTER SECURITY INSTITUTE
November 13-16, 1989. Location: Atlanta, Georgia, USA. Contact: Computer Security Institute, 360 Church Street, Northborough, Massachusetts 01532, USA; tel: 508 393 2600.
SURVEILLANCE EXPO ‘89
December 12-15, 1989. Location: Washington DC, USA. Contact: Carl Meadows, Surveillance Expo ‘89, 1950A Airport Road, Naples, Florida 33942-4359, USA; tel: 813 643 2727; fax: 813 643 6162. Telex: 4955146.
©1989 Elsevier Science Publishers Ltd