
Beyond the code of practice: New challenges


COMPSEC ’95 Paper Abstracts

Title: Object Oriented: Another Silver Bullet

Author: PJ. Corum, The Corum Group

Title: Evaluation of Windows 95 and Windows NT Security Controls and Architecture

Author: Mark Curtis, PC Security Ltd

The paper gives an overview of the security controls and management facilities featured in Windows 95 and Windows NT. The effectiveness of the security controls in addressing identified operational and environmental vulnerabilities is discussed. A practical assessment of the implementation, installation, and management of a security system utilising the provided controls and management architecture supported is given.

Title: Secure Commercial Servers

Author: Clive Watts, Digital

STREAM 3 (a.m.): Financial

Title: AI Techniques to Counter Financial Fraud

Author: Kevin Galliers, Inter Access Risk Management

Identifying financial crime is a two-stage process. The detection phase highlights unusual transaction or account behaviour, followed by the context phase, an information-intensive process requiring the computerization of criminal investigation techniques. The range of AI technologies now available for both phases means that organizations must choose carefully before deployment.

Title: Derivatives and Assessing their Risks

Author: Andrew Bolton, Winters Associates

This paper looks at the risks and accompanying controls of derivatives and gives some examples. It looks at the many types of risk, what institutions are doing to control them, and whether they can be successful. The question is put as to whether there should be more regulations or whether the regulatory authorities should allow institutions to control their own activities.

Title: EDI Security and the Internet

Author: Terry Dosdale, Axiom Services

Title: Security Issues in Contemporary Banking

Author: Keith Osborne, ICL

Banking systems and environments have changed enormously in recent years. Developments in Information Technology in particular have created new products, new services - and new risks. This session will outline some of the security issues in and around today’s banking environment, and show how potential IT Security exposures can be identified, quantified and managed.

STREAM 4 (a.m.): Standards

Title: US Approaches to Cryptographic Key Escrowing (Session Presentation)

Author: Lynn McNulty, McNulty and Associates

This session will review the development of alternative approaches to cryptographic key escrowing now under consideration in the United States. The US government’s key escrow technology initiatives, the Clipper and Capstone chips, will be discussed and compared with alternative solutions developed by the private sector. These include commercial key escrow solutions developed by Bankers Trust and Trusted Information Systems. The session will conclude with the discussion of the commercial viability of key escrow techniques.

Title: Beyond the Code of Practice: New Challenges

Author: Nigel Hickson, UK Department of Trade and Industry

This paper covers the evolution of the Code of Practice into a British Standard (and hopefully an International one), the work DTI is coordinating on accreditation (against the standard) and data labelling, and the new threats to security (e.g. the Internet). It also touches on cryptography policy.

STREAM 4 (p.m.): IT Audit

Title: Standards - The Need for a Common Framework

Author: Gary Hardy, Zergo

The demand from users and professionals for clearer definition of ‘good practice’ in the area of IT security
