IT security : the need for international cooperation : proceedings of the IFIP TC11 Eighth International Conference on Information Security, IFIP/Sec '92, Singapore, 27-29 May 1992

The original title of IFIP/Sec'92, "From Small Systems to Large," was chosen, not to de-emphasize the continuing importance of security in large computer systems, but to direct attention to the increasing importance of smaller computer systems and their related security and control concerns. Trends contributing to the increased importance of small systems include: downsizing - the replacement of large central systems with smaller distributed systems, increasingly powerful microcomputers, the increasing sophistication and acceptance of LANs, end-user computing, and the devolution of IS management to functional management. The final title, "The Need for International Cooperation", derives from what became the central topic of discussion. The mix of papers in this book is both managerial and technical. Sections with relatively greater managerial content are: Security Management, IS Audit, and Computer Crime. The more technical sections are Database Security, Access Control and Detection, UNIX Security, Network Security, and Cryptography. Most papers have managerial, organisational and technical dimensions.

Keynote and Invited Papers. International Information Technology (IT) Security Cooperation into the 21st Century (W. Madsen). Computer Disasters: The Impact on Business in the 1990's (A. Reed). ASEAN - Computer Crime and Corrective Action: A Status Report (T.S. Chew). Security Management I. Information Security: The Impact of End User Computing (J. Beatson). PRAJORIS - A Pragmatic 'Joint' Method for Raising the Information Security Level in a Company (S. Bentzen). The Status of IT Security in Leading European Organisations (A. Stanley). Findings of the Swedish CITI Project on Information Security Evaluation and Certification (P. Hoving, M. Ohlin, J. Rylander). Network Security. Secure Open Systems: An Investigation of Current Standardization Efforts for Security in Open Systems (P. Overbeek). Network Security: Design of a Global Secure Link (W. Wang, T. Coffey). MAPS - Model for Automated Profile Specification (D. Pottas, S.H. von Solms). Cryptography and the Art of Securing Transactions (C. Holloway). Restating the Foundation of Information Security (D.B. Parker). Security Management II. Data Security Model for Branch Offices of Big Organisations (L.J. Janczewski). Practical Security for the Small Computer User (D. Bachelor, P. Kingston). Information Security Awareness - Selling the Cause (K. McLean). A Company's Battle Against the Virus Plague (P. Capiteijns). IS Audit. How Expert are Auditors in the Computer Security Field? South African Findings and Interpretations (D. Fink). IS Audit Research: A Paradigm and a Framework (C. Soh, G.G. Gable). Cryptography. Measuring the Strength of Ciphers (H. Gustafson et al.). Cryptographic Protocols and Network Security (P. Horster, H.-J. Knobloch). A Solution to Generalized Group Oriented Cryptography (C.-C. Chang, H.-C. Lee). A Methodology For Describing Information and Physical Security Architectures (W.J. Caelli, D. Longley, A. Tickle). Computer Crime I. A Methodology for the Investigation of Computer Crime (P.M. Stanley). Deterring Highly Motivated Computer Abusers: A Field Experiment in Computer Security (D. Straub, P.J. Carlson, E.H. Jones). IT Crime - An Intelligence Report (B. Fortrie). UNIX Operating System Security (J. Clark). Database Security. DISCO - A Discretionary Security Model for Object-Oriented Databases (M.S. Olivier, S.H. von Solms). Referential Integrity in Multilevel Secure Database Management Systems (V.M. Doshi, S. Jajodia). A Complex Approach to the Security of Statistical Databases Subject to Off-Line Sum Queries (Y.-M. Chee, A. Lim). UNIX Security. The New Security Paradigm in the Enterprise Computing Environment (C. Rubin). Integrating B2 Security into a UNIX System (K.H. Brady). Access Control/Detection. Rule-Based Trusted Access Control (M.D. Abrams, I.M. Olson). Governmentware: A New Vehicle to Boost Computer Security on a National Level (C.-S. Yu). A Rule-Based Intrusion Detection System (D. Holden). Access Control - A Further Approach (B. Lau). Computer Crime II.