Torgeir Daler, Roar Gulbrandsen, Birger Melgard and Tornjorn Sjolstad : Ellis Horwood, Market Cross...



Page 1: Torgeir Daler, Roar Gulbrandsen, Birger Melgard and Tornjorn Sjolstad : Ellis Horwood, Market Cross House, Cooper Street, Chichester, West Sussex PO19 1EB, UK £19.95 (133 pages, hardback)

Computer Fraud & Security Bulletin September 1989

hardware, or requires a floppy disk to be present at all times. Under any circumstances. Neither should you.

Many vendors use an analogy between books and software packages in their licence agreements. A single copy of the software should only be in use at one place and at one time, just like a book. Many copies of the software can exist (for backup purposes), but cannot be in use simultaneously. Such schemes sound eminently fair to all concerned, and software developers will eventually come to terms with this.

After all, how many book publishers do you know that print books on paper with faint ink that cannot be photocopied? Any publisher who suggested it would immediately find sales plummeting.

Legal remedies are available to help prevent distribution of software in a manner that contravenes the vendor’s licence agreement. Such remedies should be used in preference to the mirage offered by software copy protection, which only temporarily solves the problem of illegal copies, and does so at the user’s expense.

Keith Jackson

BOOK REVIEWS

SECURITY OF INFORMATION AND DATA

Authors: Torgeir Daler, Roar Gulbrandsen, Birger Melgard and Tornjorn Sjolstad.

ISBN: 0-7458-0575-2

Publisher: Ellis Horwood, Market Cross House, Cooper Street, Chichester, West Sussex PO19 1EB, UK.

Price: £19.95 (133 pages, hardback)

This book is translated from the original Norwegian, and the translator (unnamed) is to be congratulated, as I did not even notice the Norwegian origins of the book until I was some way into it. Many of the examples quoted refer to Norway and Sweden, but this does not detract from the book. Their computer security problems seem very similar to those encountered elsewhere in the world.

With only 133 pages covering the whole of computer security, no one subject is covered in great depth, and in places the book is hardly more than a series of checklists. Consequently much of the content is very diluted. Paradoxically, this does not contradict the stated aim of the book, which is to “survey some central areas within the field of information security”.

The book makes very dry reading. Nothing is particularly wrong with the content, it’s just presented in a very uninteresting manner. In short it’s boring.

A couple of snippets stand out from the rest of the book.

The section entitled “Physical characteristics” describes various research projects which aim to identify individual humans from one or more of fingerprints, voiceprints, hand geometry and signature verification. Also included in this list are “lip prints”. I find this an amazing concept. Imagine having to kiss a small box on the door before being allowed access to the computer room. Goodness only knows what sort of pictures would be attached to such a device. Somehow I doubt that this will prove socially acceptable.

The section on computer crime provides some fascinating statistics from the USA. Only 1 out of 100 cases of computer crime are detected, only 1 out of 8 is prosecuted, and only 1 out of 33 prosecuted computer crimes result in a prison sentence. Therefore the likelihood that a computer crime will result in a prison sentence is a 1 in 26 400 chance. The same source is quoted as placing the average value of a computer crime at US$400 000 versus US$5000 for an old-fashioned bank robbery. Unfortunately the source of this information is not named, but it illustrates concisely the reasons why people are attracted to computer crime.

This book is not really one to recommend. There are many other books covering the same ground which make far better reading.

Keith Jackson

EVENTS

CONCEPTS IN HARMONY: THE 35TH ASIS ANNUAL SEMINAR

September 11-14, 1989. Location: Nashville, Tennessee, USA. Contact: American Society for Industrial Security, 1655 N. Fort Myer Drive, Suite 1200, Arlington, VA 22209, USA; tel: 703 522 5800; fax: 703 243 4954.

THE NINTH ANNUAL CONFERENCE ON CONTROL, AUDIT AND SECURITY OF IBM SYSTEMS

September 18-21, 1989. Contact: Russell Bennett, MIS Training Institute, 498 Concord Street, Framingham, Massachusetts 01701, USA; tel: 508 879 7999; fax: 508 872 1153.

INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY

October 3-5, 1989. Location: Zurich, Switzerland. Contact: P. de Bruyne, ETH Zentrum-KT, CH8092 Zurich, Switzerland; tel: +l 1 256 2792; fax: +l 1 262 0943.

THE 12TH NATIONAL COMPUTER SECURITY CONFERENCE

October 10-13, 1989. Location: Baltimore, USA. Contact: Irene E. Gilbert, National Computer Systems Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899, USA; tel: 301 975 3360.

THE SIXTH COMPSEC CONFERENCE AND EXHIBITION

October 11-13, 1989, held in conjunction with the EDP Auditors Association European Conference. Location: London, UK. Contact: Penny Moon, Elsevier Seminars, Mayfield House, 256 Banbury Road, Oxford OX2 7DH, UK; tel: +44 (0)865 51222; fax: +44 (0)865 310981.

THE 15TH ANNUAL COMPUTER SECURITY CONFERENCE OF THE COMPUTER SECURITY INSTITUTE

November 13-16, 1989. Location: Atlanta, Georgia, USA. Contact: Computer Security Institute, 360 Church Street, Northborough, Massachusetts 01532, USA; tel: 508 393 2600.

SURVEILLANCE EXPO ‘89

December 12-15, 1989. Location: Washington DC, USA. Contact: Carl Meadows, Surveillance Expo ‘89, 1950A Airport Road, Naples, Florida 33942-4359, USA; tel: 813 643 2727; fax: 813 643 6162. Telex: 4955146.

© 1989 Elsevier Science Publishers Ltd