Security priority for data superhighway


Computer Audit Update

Natural disasters

According to the Insurance Council of Australia figures, since 1967, more than 300 significant Australian natural hazard occurrences have been recorded, including bush fires, cyclones, floods, rain and hailstorms and earthquakes. These figures do not include losses resulting from technological hazard occurrences including hazardous materials incidents, major electrical outages, industrial fires and explosions etc.

January 1994

Industrial relations

Perhaps the greatest threat to many public sector organizations involves industrial action as DP staff are not a resource that can be replaced with a great deal of ease. Public sector employees hold a distinct labour market advantage not enjoyed by their private sector equivalents in that:

Staff have less concern for the permanency of their jobs which provides them with a distinct bargaining advantage over management.

It is very difficult to terminate an individual's employment and even more so over an industrial issue that has full union approval.

Many private sector DP employees operate on a contractual basis which can be terminated at the employer's discretion especially in regard to individuals creating industrial unrest.

Many private sector employees do not have the backing of a strong union or are simply not willing to risk their employment or future promotion prospects by initiating an industrial confrontation with management.

In the DSS experience, unions have usually, but not always, expressed a sympathetic view to prevent a situation whereby clients are not paid their entitlement due to an industrial dispute. There is the threat, however, that an unresolvable industrial dispute could result in all processing work being suspended, a situation over which management has little or no control.

References

MPD is the maximum permissible delay before computing services must be returned to ensure business continuance.

Fitzgerald, K. J: Planning for Disaster - The Need For Planning For Recovery From Disaster. Computer Control Quarterly, pp. 49-53, Vol 9, No. 3, 1991. MCB University Press.

Kamay, V & Adams, T: The 1992 Profile Of Computer Abuse In Australia. The Australian Computer Abuse Research Bureau, RMIT, Melbourne 1992.

The views expressed in this article are entirely those of the authors and do not reflect any official position of the Australian Department of Social Security.

Damien Kennedy and Howard Nicholson are IT auditors at the Australian Department of Social Security.

©1994 Australian Department of Social Security.

NEWS

Security priority for data superhighway

Ensuring information security over the proposed US electronic superhighway is a key aim for a new working group set up to investigate how to develop the network, according to a report in The Wall Street Journal. 28 major companies have formed the Cross Industry Working Team to "promote and accelerate the deployment" of an advanced information network, according to a group statement. The group will report back to the Clinton administration on how to set up the basic architecture for the network which is intended to handle data, including sound and video at three times the speed of the fastest transmission rates on the Internet. Among the group members are AT&T, IBM, Apple, BellSouth, Hewlett-Packard and Citicorp. The banking industry is well-represented and intends to use its membership to "bring a heightened awareness of security", according to Colin Crook, director of technology, Citicorp. The group plans to make the network more secure than the Internet. After all, "We want it to have the right attributes so that we can use it," says Crook.

©1994 Elsevier Science Ltd

Heavier sentences for IT saboteurs

According to Computer Weekly, in New York tough new laws on computer tampering could result in jail sentences of up to 15 years, triple the maximum sentence in the UK. Behind this is growing alarm over the damage to businesses whose systems are sabotaged. In the latest case, Michael Lafaro - head of a Nassau software company - is facing criminal charges for allegedly infecting a client firm's computer with a virus. Police claim that he, and one of his technicians, deliberately tried to crash the company's system after an argument over unpaid bills. Both men deny the charges which, if proved, could incur fines of up to $10 000 as well as heavy jail sentences. In the UK, there is little likelihood of the maximum five-year sentence being increased under the Computer Misuse Act. Nearly 160 separate virus incidents were reported to the police last year, but prosecution cases have been notoriously difficult to prove.

Virus threat exaggerated, reveals study

A survey carried out by the Institution of Analysts and Programmers has shown that viruses do not pose as great a threat to businesses as commonly believed.

Computing reports that over 50% of the 500 survey respondents claimed to have never had any contact with viruses. The majority of viruses reported were relatively simple with Forms and New Zealand being the most common infectors of boot systems and Cascade and Jerusalem the top parasitic infections. 82% of the respondents had an anti-virus policy and of those without a policy 13% had been affected by a virus with only 5% escaping altogether. Commenting on the results of the survey, Jim Bates, president of the Institution said: "Users are realizing a lot of what they hear about viruses, particularly from anti-virus software vendors, is lies."

New survey to uncover extent of security breaches

The UK National Computing Centre is carrying out a survey of 10 000 companies to assess the state of computer security in British business. The study is sponsored by ICL and the UK Department of Trade and Industry. The last survey performed in 1991 revealed that over half of UK firms had suffered IT security problems with total costs estimated at £1.1 billion. A number of case studies are to be presented with the survey findings and organizations are invited to come forward in confidence and relate their experiences to the survey team. The report is due to be published in April 1994.

Fiat goes legal after software piracy raid

Fiat has bought 30 000 software licences after the premises of La Stampa, an Italian newspaper owned by the company, were raided by the BSA. According to Computer Weekly, the BSA settled out of court, claiming that actions by the Italian Government have aided the settlement. The BSA claims that software sales in Italy are up by 150% for the second quarter of 1993 to $60 million. Because of the nature of its settlement with the Fiat Group, the BSA refused to divulge details of what percentage of La Stampa software was pirated, or how much Fiat paid in the settlement.
