- Email: [email protected]
Contingency planning
-
TRADE SECRETS FOR SALE
10
-
Who will be the largest manufacturer of computerised office equipment in ten years time? IBM? DEC? Burroughs, Honeywell or Hewlett Packard? The chances are none of them. The giant Exxon Corporation is already making tremendous strides in this area, and has some notable successes to its credit. Bike any high flying company, Exxon's business secrets are attractive to competitors. A couple of months ago a man called Orion N Briel, who used to work as Manager, Marketing Publications for Exxon's word processing subsidiary QYX was filmed by the FBI while trying to sell the plans of unreleased 'Hornet' product lines to a person Brie1 believed to work for IBM.
FBI aZerted
On 14 August 1980, Brie1 had written to Dan McGlaughlin, IBM's Vice President in New Jersey, offering to sell, at an undisclosed price, certain of QYX's product plans. IBM quickly alerted Exxon's security division and in turn the FBI. The FBI set up the meeting, with one of their officers posing as an IBM employee. Brie1 fell into the trap and showed the man detailed plans and specifications for the Hornet information processing systems, then asked for $100 000. He now awaits trial on charges of theft, and misappropriation. One wonders just how successful Brie1 would have been had he approached a communist bloc manufacturer rather than IBM, or if he had offered his services as a consultant to a small Far Eastern Office products firm. History is littered with people in situations such as Briel's. It is a reassuring fact that the major companies are scrupulously honest when offered trade secrets belonging to a competitor. As in so many frauds, it is in the element of conversion that a thief or fraudsman is exposed to the greatest risk.
CONTINGENCY PLANNING
In a recent opinion poll, groups of Europeans were asked questions along the lines "DO you think 1981 will be better, the same, or worse than 1980?" Surprisingly, large numbers of Britains thought 1981 would be better - perhaps because 1980 was so bad that anything would be an improvement? In any case, this attitude perhaps explains the fact that recent seminars on contingency planning by the Computer Security Institute were a failure in the UK and yet an overwhelming success in Holland: The UK seminar was cancelled through lack of support; in Holland it was held three times. The organisers report that they have been invited to conduct a number of specially tailored 'in-house' sessions for leading Dutch and Belgian companies.
Encouraging response
Gerry Isaacson, Computer Security Institute's head of training, was the principal speaker, supported 'by his assistant Toni Fish. It was the first time that Computer Security Institute's team has landed en masse this side of the Atlantic, and their efforts were very highly rated. So encouraging was the response that Isaacson is considering the possibility of starting a European Chapter of CSI. Mr Isaacson has an impressive track record, having joined CSI from a senior job with the Federal Reserve Bank of New York, where he
Volume 3 Number 2
@
Elsewer
Sequaa
SA, Lausanne.
Switzerland
-
11
-
was in charge of EFT security as well as contingency planning. He is just the sort of gimlet-eyed professional who can convince even the most optimistic operator that there could be a problem - but he can also produce the answers. He admits to a hobby of painting individual eyelashes and individual teeth on two inch high model the attention to detail in his seminars is similar. soldiers: Documentation is to an extremely high standard and the seminars leave plenty of time for workshop sessions and informal discussions.
Course
outline
The material covered in the two days is wide ranging. The objectives of the course and one of the tables are reproduced below. COURSE OBJECTIVES * The need for a disaster recovery plan. * Fundamental elements of a plan * Alternative approaches to recovery * Developing the plan: Risk analysis Components of the plan Participants in the process * Selling the plan to management * Commercial service offerings * Implementation considerations Mr Isaacson will be back in Europe later this year. Readers who have not already addressed the issue of contingency planning are strongly advised to attend one of his sessions. Further details can be obtained from Computer Secruity Institute, Educational Resource Centre, Five Kane Industrial Drive, Hudson, Massachussetts, 01749; Tel: (617) 562 7311.
STRUCTURED ANALYSIS
Most computer people would agree that a thorough system of development, high levels of user involvement and clear and well written documentation all add to security, and minimize the chance of mistakes. One of the best systems of flow charting, analysis, design and implementation of new applications is produced by Improved Systems Technology Inc which has offices at 21 Princes Street, London (01 493 8396) and in Gland, Switzerland (22. 64 25 55) * The system is called Stradis. A one-day Management Overview is scheduled in London for 5 February 1981. The fee is El00 per delegate and subjects include: 1. 2. 3. 4. 5. 6. 7. 8.
Brief review of 'structured technologies'; Why have a system development methodology? Roles and reporting structures in system development: Project flow charts: New development v maintenance; Installing a package; Impact on project management; Installing methodology.
COMB= Volume 3 Number 2
@
Ekevier
Sequoia
SA. Lausanne,
Switzerland.
TRADE SECRETS FOR SALE
10
-
Who will be the largest manufacturer of computerised office equipment in ten years time? IBM? DEC? Burroughs, Honeywell or Hewlett Packard? The chances are none of them. The giant Exxon Corporation is already making tremendous strides in this area, and has some notable successes to its credit. Bike any high flying company, Exxon's business secrets are attractive to competitors. A couple of months ago a man called Orion N Briel, who used to work as Manager, Marketing Publications for Exxon's word processing subsidiary QYX was filmed by the FBI while trying to sell the plans of unreleased 'Hornet' product lines to a person Brie1 believed to work for IBM.
FBI aZerted
On 14 August 1980, Brie1 had written to Dan McGlaughlin, IBM's Vice President in New Jersey, offering to sell, at an undisclosed price, certain of QYX's product plans. IBM quickly alerted Exxon's security division and in turn the FBI. The FBI set up the meeting, with one of their officers posing as an IBM employee. Brie1 fell into the trap and showed the man detailed plans and specifications for the Hornet information processing systems, then asked for $100 000. He now awaits trial on charges of theft, and misappropriation. One wonders just how successful Brie1 would have been had he approached a communist bloc manufacturer rather than IBM, or if he had offered his services as a consultant to a small Far Eastern Office products firm. History is littered with people in situations such as Briel's. It is a reassuring fact that the major companies are scrupulously honest when offered trade secrets belonging to a competitor. As in so many frauds, it is in the element of conversion that a thief or fraudsman is exposed to the greatest risk.
CONTINGENCY PLANNING
In a recent opinion poll, groups of Europeans were asked questions along the lines "DO you think 1981 will be better, the same, or worse than 1980?" Surprisingly, large numbers of Britains thought 1981 would be better - perhaps because 1980 was so bad that anything would be an improvement? In any case, this attitude perhaps explains the fact that recent seminars on contingency planning by the Computer Security Institute were a failure in the UK and yet an overwhelming success in Holland: The UK seminar was cancelled through lack of support; in Holland it was held three times. The organisers report that they have been invited to conduct a number of specially tailored 'in-house' sessions for leading Dutch and Belgian companies.
Encouraging response
Gerry Isaacson, Computer Security Institute's head of training, was the principal speaker, supported 'by his assistant Toni Fish. It was the first time that Computer Security Institute's team has landed en masse this side of the Atlantic, and their efforts were very highly rated. So encouraging was the response that Isaacson is considering the possibility of starting a European Chapter of CSI. Mr Isaacson has an impressive track record, having joined CSI from a senior job with the Federal Reserve Bank of New York, where he
Volume 3 Number 2
@
Elsewer
Sequaa
SA, Lausanne.
Switzerland
-
11
-
was in charge of EFT security as well as contingency planning. He is just the sort of gimlet-eyed professional who can convince even the most optimistic operator that there could be a problem - but he can also produce the answers. He admits to a hobby of painting individual eyelashes and individual teeth on two inch high model the attention to detail in his seminars is similar. soldiers: Documentation is to an extremely high standard and the seminars leave plenty of time for workshop sessions and informal discussions.
Course
outline
The material covered in the two days is wide ranging. The objectives of the course and one of the tables are reproduced below. COURSE OBJECTIVES * The need for a disaster recovery plan. * Fundamental elements of a plan * Alternative approaches to recovery * Developing the plan: Risk analysis Components of the plan Participants in the process * Selling the plan to management * Commercial service offerings * Implementation considerations Mr Isaacson will be back in Europe later this year. Readers who have not already addressed the issue of contingency planning are strongly advised to attend one of his sessions. Further details can be obtained from Computer Secruity Institute, Educational Resource Centre, Five Kane Industrial Drive, Hudson, Massachussetts, 01749; Tel: (617) 562 7311.
STRUCTURED ANALYSIS
Most computer people would agree that a thorough system of development, high levels of user involvement and clear and well written documentation all add to security, and minimize the chance of mistakes. One of the best systems of flow charting, analysis, design and implementation of new applications is produced by Improved Systems Technology Inc which has offices at 21 Princes Street, London (01 493 8396) and in Gland, Switzerland (22. 64 25 55) * The system is called Stradis. A one-day Management Overview is scheduled in London for 5 February 1981. The fee is El00 per delegate and subjects include: 1. 2. 3. 4. 5. 6. 7. 8.
Brief review of 'structured technologies'; Why have a system development methodology? Roles and reporting structures in system development: Project flow charts: New development v maintenance; Installing a package; Impact on project management; Installing methodology.
COMB= Volume 3 Number 2
@
Ekevier
Sequoia
SA. Lausanne,
Switzerland.