Corporate governance & IT

COMPSEC '96 Paper Abstracts

divest, joint venture, enter into strategic merge, partnerships and outsource key business functions, a host of new systems security issues are confronting management. This session will look at the issues and alternatives to minimizing the associated risks.

Title: SALSA: A Method for Developing the Enterprise Security Architecture and Strategy

Author: John Sherwood

Many organizations now wish to avoid the costly and inefficient results of implementing information security solutions on a piecemeal basis. Instead they are seeking a way forward which provides them with an enterprise security architecture and an information security strategy which meets the requirements of their business over a two to five year time horizon. This paper describes a practical method by which this can be achieved.

Title: Corporate Governance & IT

Author: Chris Hurford, Audit Commission

Corporate Governance is high on the agenda for senior management, directors and non-executive directors throughout many public and private sector organizations. In striving for high standards of accountability and integrity, the management board is encouraged to ensure that systems of internal control and an effective internal audit are established. But have organizations responded to the need for an internal audit resource which can address present day and future IT initiatives and take account of the increasing threats caused by IT? A survey undertaken earlier this year within the public sector suggested that IT audit was still an underdeveloped skill in many organizations and that senior management may not be aware of the situation. This paper explores the attitudes of management towards IT audit and its ability to respond to a corporate governance climate.

STREAM 3: Encryption

Title: Fundamental DES Design Concepts

Author: Carl Meyer, IBM

An IBM developed algorithm was adopted in 1977 as a national standard: the Data Encryption Standard, or DES. Although the entire algorithm was made available to the public, the design considerations were not published. Many people speculated that the lack of disclosure was due to some ‘trapdoor’ or hidden weakness in the DES. One of the purposes of this paper is to dispel this notion. In fact, the criteria were not published in order not to reveal the techniques of differential cryptanalysis, thus weakening the competitive advantage which the United States enjoyed in the field of cryptography.

Title: Crypto System Initialization: Simplifying the Distribution of Initial Keys

Author: Carl Meyer, IBM

With the growth of communications networks and the increasing use of data processing systems by external parties, protection of information has become of paramount importance, necessitating the use of cryptography. To commence crypto operations it is required to provide a starting point in the form of initial cryptographic keys. Such an initialization often represents a major administrative problem. This paper addresses these problems and at the same time investigates how simplifications can be achieved. After a short overview of cryptographic confidentiality/authentication operations (DES, RSA, MAC, DIG.SIG.), different initial key distribution schemes and the requirements for courierless methods are discussed. Finally, a fully automated procedure, taking advantage of Public Key Cryptography, is presented.

STREAM 4 (a.m.): Viruses

Title: Internet = Virusnet?

Author: Dr. David Aubrey-Jones, Reflex Magnetics

It is popularly supposed that the main threat of computer viruses today is the Internet. This supposition will be evaluated in the light of virus incident reports and statistics, and recent technical developments, and a virus threat analysis constructed. Is the Internet safe, and can it be used for business? What precautions can be taken and what tools are available to ensure that connection to the Internet does not result in virus infections and data corruption? Lastly, possible future threats and virus developments will be examined.