Abstracts of Recent Articles and Literature
routine to warn of things such as code replication or substitution. Computerworld, 7 September 1992, p. 4.

Planned privacy law weakened, David Evans. After criticisms that they are “unworkable”, proposed data privacy laws for the European Community have been watered down. A major block is the right of organizations to transfer data to others not governed by privacy laws. Now the legislation has had an overhaul. Key changes are: a) the right to transfer data to countries without privacy laws, provided ‘certain conditions’ are complied with (this applies mainly to the financial and travel companies involved in electronic funds transfer); b) simplifying procedures organizations use to notify authorities before processing personal data; c) allowing direct mail companies to process personal data for ‘legitimate interests’, provided that individuals have the chance to remove their names from lists sent to third parties. Computer Weekly, 25 October 1992, p. 1.

Project ideas fail to catch $18 million funding. An IT security advisor to the European Commission, Clive Blatchford, said he had to turn down half the budget he had been allocated for IT projects, because suppliers’ project ideas had not come up to scratch. The EC is spending 5 billion ecu ($6.1 billion) over the next four years on IT security projects. Blatchford, speaking at a conference in Berlin organized by KPMG Management Consulting and Datapro, said “We had a very poor response in the area of system administration, which is where the industry should be concentrating its efforts.” Computing, 15 October 1992, p. 8.

Recession puts firms on disaster tightrope, Jason Hobby. The recession has caused companies to reduce their IT security and recovery budgets, leaving their businesses unprotected in the event of disaster, says a report from Coopers and Lybrand. Last year the disaster recovery market in the UK showed a 40% decline from £54 million in 1990 to £31.9 million.
IBM, which runs its own Business Recovery Service, says the move to client-server environments has led to a growing gap between the use of modern technology and the understanding of security and recovery. Computer Weekly, 22 October 1992, p. 1.

French losses rise sharply, Paul Gannon. According to the French IT security society Clusif - Club de la securite informatique francais - there was a 15.5% jump in losses caused by security breaches last year. The
cost was 10.4 billion francs ($2.2 billion), with ‘malevolence’ accounting for 57% of the cost - including diversion of funds, sabotage, economic espionage and data misuse. However, losses due to error have remained level, probably due to the increased experience and knowledge of computer users and developers. Viruses only account for 1% of the cost of the losses. Computer Fraud and Security Bulletin, October 1992, p. 3.

Lax security at Drug Enforcement Administration, Gary H. Anthes. Computer systems are inadequate to safeguard information vital to national security and privacy of people involved in anti-drug abuse, warned the US General Accounting Office. The following claims were made by the Office at a congressional hearing: “extremely lax” controls on access to data and to computers processing sensitive data; sloppy control of passwords, including the use of ‘DEA’ as a default password; cleaning and maintenance personnel without proper security clearances being allowed to work unattended in areas where national security information is processed; no accurate inventory of computers used to process sensitive data. The DEA said it was establishing a security programme throughout the agency. Computerworld, 5 October 1992, p. 24.

Case study: Boston TV station, Tracy Mitchell. WHDH-TV has now been running its LAN for seven years. The LAN now taps into 120 applications, and has everything from personnel information to advertising spots and robotic cameras running on it. Relaxed security could mean the difference between being on the air or off. In the station’s environment employees come and go, applications, hardware and machine control are added regularly and the users themselves are getting more sophisticated. The Novell network has grown from three or four accounting XTs and ATs to more than 150 nodes. The LAN staff decided from the start to keep users away from a DOS prompt, and selected the Saber menuing system for the job.
“Hiding a blinking cursor at D: login alleviated user confusion and protected data from prying eyes.” Saber provides ‘gates’ for the NetWare 3.11 operating system to all the information stored on the network. WHDH-TV first defined access rights by departmental functions and then more extensively to subgroups, user, and network node address levels wherever possible. This multitiered approach sets up additional safety checks into the more critical applications. LAN Times, 14 September 1992, p. 16.