Subject: RISKS DIGEST 16.33 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 23 August 1994 Volume 16 : Issue 33 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks) ***** Contents: Program Information: 17th National Computer Security Conference (long) Info on RISKS (comp.risks), ARCHIVE EXCERPT ONLY (short) ---------------------------------------------------------------------- Date: Tue, 16 Aug 94 15:06 EDT From: Borodkin@DOCKMASTER.NCSC.MIL Subject: Program Information: 17th National Computer Security Conference (long) [There is a 9 Sep 1994 deadline coming up for advance reg (saves $45, but there is no student reduction) and conference hotel rates. As usual, RISKS runs only the program info (and in this case the full file is 42K). PLEASE E-mail Borodkin@DOCKMASTER.NCSC.MIL for full brochure. OR, you may FTP risks-16.33ncs from the RISKS: archive directory on CRVAX.SRI.COM for the full brochure, or risks-16.33ncsx for just the missing stuff. PGN] 17th NATIONAL COMPUTER SECURITY CONFERENCE October 11-14, 1994 Baltimore Convention Center Baltimore, Maryland CONFERENCE PROGRAM and REGISTRATION Tuesday, October 11, 1994 10:00a.m. - 12:00 p.m. OPENING PLENARY Opening: George B. Mitchell and Irene Gilbert Perry Welcome to Baltimore: Dennis Lego, Bureau of Management Information Systems, City of Baltimore Welcome to the Conference: James H. Burrows & Patrick R. Gallagher, Jr. Keynote Address: The Honorable Sally Katzen Administrator, Office of Information and Regulatory Affairs Office of Management and Budget Systems Security Award: Patrick R. Gallagher, Jr. and James H. Burrows Award Address: Distinguished Awardee Best Paper Awards: Dennis Gilbert and Christopher Bythewood Close: Irene Gilbert Perry and George B. Mitchell Tuesday, 2:00-3:30 p.m. Track A - Intrusion Detection Chair: R.Bace, NSA Testing Intrusion Detection Systems: Design Methodologies and Results from an Early Prototype N. Puketza, University of California, Davis A Pattern Matching Model for Misuse Intrusion Detection S. Kumar, Purdue University Artificial Intelligence and Intrusion Detection: Current and Future Directions J. Frank, University of California, Davis Track B - Panel - The Development of Generally Accepted System Security Principles (GSSP) Chair: M. Swanson, NIST Panelists: W. Ozier, ISSA GSSP Committee Chair E. Roback, NIST B. Guttman, NIST This panel discusses the GSSP that NIST is developing under the auspices of Information Systems Security Association (ISSA) in coordination with OMB and with technical assistance from NSA. Track C - Panel - Can Your Net Work Securely? Chair: P. Neumann, SRI Panelists: E. Boebert, Secure Computing Corp. A. Goldstein, Digital Equipment Corp. W. Diffie, SUN Microsystems C. Neuman, USC-Information Sciences Institute Distributed systems must often rely on components whose trustworthiness cannot be assured. This panel explores related issues. Track D - Panel - Model Information Security Programs Chair: R.Owen,Jr., Texas Office of the Attorney General Panelists: G. Burns, Monsanto Co. S. Green, University of Houston P. Sibert, Dept. of Energy J. Wright, Information Resources Comm. Florida This panel presents Information Security Programs from the state, federal, private, and academic sectors, highlighting their similarities and differences: requirements; security organizational structure; security management process; and methods of security awareness. Track E Tutorial - Security in the Future Speakers: LtCdr A. Liddle, Royal Navy, Information Resources Management College J. Sachs, Arca Systems, Inc. This tutorial takes a view forward to security and its role in enterprises, applications, and information infrastructures; with general threats to information systems; and with the roles of security disciplines. Special Session - Panel: International Harmonziation, the Common Criteria - Progress & Status Chair: E. Troy, NIST Panelists: C. Ketley, European Commission (UK) Y. Klein, European Commission (France) H. Kreutz, European Commission (Germany) A. Robison, CSE, Canada M. Tinto, NSA, US This panel discusses the Common Criteria Project, the input documents, the timetable, and the public review process. Panelists provide the first public overview of the draft Common Criteria document contents. Tuesday 4:00-5:30 p.m. Track A - Panel - Fuzzy Security: Formalizing Security as Risk Management Chair: R. Nelson, Information Systems Security Panelists: H. Hosmer, Data Security, Inc. J. McLean, Naval Research Lab S. Ovchinnikov, San Francisco State University This panel explores strategies for building flexibility into the formal aspects of computer security to produce more functional trusted systems. Panelists present views radically different from the conventional security approach. Track B - Security Standards and Taxonomic Structures Chair: W.Jansen, NIST A Taxonomy for Security Standards W. Jansen, NIST The Graphical Display of a Domain Model of Information Systems Security (INFOSEC) Through Semantic Networks T. Smith, NSA A New Attack on Random Pronounceable Password Generators R. Ganesan, Bell Atlantic Track C - Operational Security Enhancements Chair: D. Dodson, NIST Controlled Execution UNIX L. Badger, TlS Architectures for C2 DOS/Windows-Based Personal Computers J. Epstein, Cordant, Inc. A Practical Hardware Device for System and Data Integrity as well as Malicious Code Protection T.E. Elliott, CSE Track D - Panel - Interdisciplinary Perspectives on INFOSEC Chair: M.E. Kabay, National Computer Security Assn. An Anthropological View: Totem and Taboo in Cyberspace M.E. Kabay, National Computer Security Assn. Panelists: J. Craft, Systems Research and Applications Group V. Black, Pace Un iv. P. Black, Pace Univ. E. Martin, Organization & Education Consultants INFOSEC, like other areas of human endeavor, can benefit from the insights of other disciplines. This panel, a diverse group of academics and practitioners, present their insights. Track E - Tutorial - Risk Management Speaker: LtCdr A. Liddle, Royal Navy, Information Resources Management College This tutorial focuses on the importance of an overall risk management perspective to information system security, stressing risk tolerance as opposed to risk avoidance. Topics include: risk models and differentiation; asset, threat, vulnerability, and risk analysis; and technical vs. operational decisions. Special Session - Panel: Security Requirements for Distributed Systems Chair: R. Dobry, NSA Panelists: J. Cugini, NIST V. Gligor, University of Maryland T. Mayfield, Institute of Defense Analysis The panelists describe what is entailed in providing security for distributed systems and how they see their efforts fitting into the Common Criteria. Wednesday, 9:00 - 10:30a.m. Track A - Access Control Chair: D. Cooper Unisys A Three Tier Architecture for Role Based Access Control R. Sandhu, SETA Corp. Using THETA to Implement Access Controls for Separation of Duties R. Pascale, Odyssey Research Associates Implementing Role Based, Clark-Wilson Enforcement Rules on a B1 On-Line Transaction Processing System B. Smith-Thomas, AT&T Bell Laboratories Track B - Criteria Chair: G. Wagner, NSA Development History for Procurement Guidance Using the Trusted Computer System Evaluation Criteria (TCSEC) Maj M. DeVilbiss, USA, NSA Exporting Evaluation: An Analysis of US and Canadian Criteria for Trust P. Olson, NSA What Color is Your Assurance? D. Wichers, Arca Systems, Inc. Track C - Panel - Internet Firewalls Chair: J.Wack NIST Panelists: M. Ranum, TIS B. McConnell, The MITRE Corp. This panel discusses how firewalls work, policies that can be implemented by firewalls, and updates on different firewall configurations to support restricted access. Track D - Panel - Ethical Issues in the National Information Infrastructure Chair: J. Williams, MITRE Corp. Panelists: D. Denning, Georgetown University G. Hammonds, National Council of Negro Women H. Hosmer, Data Security Inc. E. Leighninger, Andover-Newton Seminary M. Rotenberg, EPIC Social, legal, and ethical values reflected in the design, implementation, and management of the NII will be highly visible in the security policies supported by the NII. This panel addresses broad issues such as equity vs. risk, privacy vs. accountabillty, privacy vs. survelllance, and the international ramifications. Track E - Tutorial - Trust Concepts Speaker: C. Abzug, Information Resources Management College This tutorial focuses on the fundamental concepts and terminology of trust technology. It includes descriptions of the Trusted Computer Systems Evaluation Criteria (TCSEC) classes, how these classes differ and how to determine the appropriate class for your operational environment. Wednesday, 11:00a.m. - 12:30 p.m. Track A - Panel - The Future of Role Based Access Control: Its Structure, Mechanisms, and Environment Chair: H.Feinstein, SETA Corp. Panelists: M. Abrams, MITRE Corp. D. Denning, Georgetown University D. Ferraiolo, NIST R. Sandhu, George Mason University This panel addresses the various definitions of role based security and how they differ from the traditional Bell-Lapadula model. Panelists represent researchers and the user community. Track B - Panel - Product and System Certification in Europe Chair: K. Keus, BSI, Germany Panelists: M. Ohlin, Swedish Defense Materiel Admin. P. Cambell-Burns, Admiral Mngt. Services Ltd., UK H. Kersten, BSI, Germany A.C. Jennen, BSI, Germany P. Overbeek, TNO Physics and Electronic Lab, NL J. Wilde, Logica, UK L. Borowski, CR2A, France This panel, representing Certification bodies of the European Community, discusses their experiences with the European Criteria. Track C - Panel - Proven Detection Tools For Intrusion Prevention Chair: M. Higgins, DISA/CISS Panelists: E. Dehart, Carnegie Mellon University S. Weeber, Lawrence Livermore National Lab F. Avolio, Trusted Information Systems D. Slade, Bell Communications Corp. This panel addresses the uses, implementation, features, and lessons learned of protection tools. Panelists wlll take audience through detection scenarios and lessons learned from operational implementation. Track D - Panel - Medical Information Privacy Current Legislative And Standards Activities Chair: M. Schwartz Summit Medical Systems, Inc. Privacy and the Handling of Patient Related Information in the Public Swedish Health Care System T. Olhede, Swedish Institute for Health Services Panelists: R. Gellman, U.S. House of Representatives M. Donaldson, National Academy of Sciences D. Miller, lrongate, Inc. C. Waegemann, Medical Records Institute G. Lang, The Harrison Avenue Corp. This panel addresses the technical and human issues generated by the currently available technology in the medical arena. Track E - Tutorial - Trusted Networks Speaker: R.K. Bauer, Arca Systems, Inc. This tutorial focuses on basic points in network security and gives an overview of the Trusted Network Interpretation (TNI). Topics include: network security concerns and services, trusted network components, the TNI and its Evaluation Classes, system composition and interconnection, and cascading. Wednesday 2:00 - 3:30 p.m. Track A - Database Developments Chair: M. Schaefer, Arca Systems, Inc. Virtual View Model to Design a Secure Object-Oriented Database F. Cuppens, ONERA/CERT Achieving Database Security Through Data Replication: The SlNTRA Prototype M. Kang, Naval Research Lab The SeaView Prototype: Project Summary T. Lunt, SRI International Track B - Panel - New Concepts in Assurance Chair: P.Toth, NIST Panelists: L. Ambuel, NSA D. Kimpton, CSE - Canada K. Rochon, NSA K. Ferraiolo, ARCA Systems This panel discusses new concepts in the area of assurance for IT security products and systems. Presentations include results oftwo workshops on assurance: The Invitational Workshop on Information Technology Assurance and Trustworthiness and the International Workshop on Development Assurance. Track C - Panel - MLS System Solutions-A Continuing Debate Among the Critical Players Chair: J. Sachs, Arca Systems. Inc. Panelists: J. Adams, SecureWare M. Askew, GTE G. Evans, ARCA P. Klein, DISA A. Leisenring, NSA K. Thompson, USACOM J. Seymour, Joint Staff This panel debates issues associated with acquiring an MLS system. Track D - Detecting and Deterring Computer Crime Chair: J. Holleran, NSA The Electronic Intrusion Threat to National Security & Emergency Preparedness Telecommunications: An Awareness Document T. Phillips, Booz Allen & Hamilton, Inc. Using Application Profiles to Detect Computer Misuse N. Kelem, Trusted Information Systems Can Computer Crime Be Deterred? S. Sherizan, Ph.D, Data Security Systems, Inc. Track E - Tutorial - Trusted Databases Speaker: G.Smith, Arca Systems, Inc. This tutorial focuses on security from a "database view" and gives an overview of the Trusted Database Interpretation (TDI). Topis include: DBMS specific security requirements, vulnerabilities, and challenges; database design considerations; implementation issues; and use issues. Wednesday 4:00 - 5:30 p.m Track A - Panel - Inference Problem in Secure Database Systems Chair: B. Thuraisingham, MITRE Corp. An Inference Paradigm D. Marks, NSA Panelists: D. Marks, NSA T. Lunt, SRI Intl. T. Hinke, University of Alabama M. Collins, MITRE Corp. L. Kerschberg, George Mason University This panel focuses on the practical developments made on the inference problem over the past three years and provides direction for further work on this problem. Track B - Panel - New Challenges for C&A: The Price of Interconnectivity and Interoperability Chairs: Ellen Flahavin, NIST Joel Sachs, ARCA Panelists: A. Lee MITRE E. O'Connor, IRS H. Ruiz, DISA S. Schanzer, CIA E. Springer, OMB This panel focuses on new challenges for certification and accreditation from a variety of government perspectives including civil, defense, intelligence, and multi-agency. Track C - Putting Trusted Products Together Chair: B. Burnham, NSA Partitioning the Security Analysis of Complex Systems H. Holm, NSA The Composition Problem: An Analysis G. King, Computer Science Corp. Making Do With What You've Got J. Jerryman, The Boeing Co. Modern Multilevel Security (MLS): Practical Approaches for Integration, Certification, and Accreditation B. Neugent, The MITRE Corp. Track D - Panel - Computer Crime on the Internet Chair: C. Axsmith, Esq., ManTech Strategies Associates Panelists: D. Parker, SRI Intl. M. Pollitt, FBI T. Chambers, Food & Drug Admin. B. Fraser, CERT, Carnegie Mellon Univ. M. Schoffstall, Performance Systems International M. Fedor, Performance Systems International This panel addresses computer crime issues related to Internet connections. The issue will be dealt with from many angles to provide a practical and wellrounded overview. Track E - Tutorial - Criteria Comparisons Speaker: C.Abzug, Information Resources Management College This tutorial focuses on the differences and similarities of the national and international criteria of Canada, the United States, and Europe. They are compared and considered, both in the context of value to security engineering today, and as foundations for the Common Criteria. Wednesday, 7:O0p.m. Conference Banquet at the Hyatt Regency Inner Harbor Hotel Harry B. DeMaio, Deloitte & Touche Thursday, 9:00 - 10:30 a.m. Track A - Panel - Key Escrowing: Today and Tomorrow Chair: M.Smid, NIST Panelists: J. Manning, NSA M. Glimore, FBI D. Denning, Georgetown University This panel provides an in-depth technical view of the key escrow system developed in conjunction with FIPS 185. Track B - Panel - The Department of Defense Goal Security Architecture Chair: W.T. Polk, NIST Panelists: R. McAllister, NSA C. Deutsch, NSA J. Schafer, DISA J. Coyle, Booz.Allen & Hamilton This panel discusses the DGSA. The DGSA is derived from DoD Information System Security Policy and reflects requirements for the support of multiple security policies, distributed information processing, conductivity by common carriers, users with different security attributes, and resources with varying degrees of security protection. Track C - Panel - Trusted Systems Interoperability Group Chair: S. Wisseman, Arca Systems, Inc. Panelists: P. Cummings, Digital Equipment Corp. R. Sharp, AT&T Bell Laboratories J. Edelheit, The MITRE Corp. C. Watt, SecureWare, Inc. G. Mitchell, NSA This panel, discussing TSIG work since 1989, addresses problem progress in providing multi-vendor interoperability among security enhanced and traditional UNIX systems. Track D - Risks and Threats Chair: D. Gambel, Northrup Grumman Demonstrating the Elements of Information Security With Threats D. Parker, SRI International The Aerospace Risk Evaluation System (ARiES): Implementation of a Quantitative Risk Analysis Methodology for Critical Systems C. Lavine, The Aerospace Corp. The Security-Specific Eight Stage Risk Assessment Methodology D. Drake, Science Applications International Corp. Track E - Tutorial - UNIX Security Speaker: E. Schultz, Arca Systems, Inc. This tutorial focuses on operational security with systems in an internetworked environment, using UNIX as an example. It includes security weaknesses, methods for improving security, and ways to detect and respond to attacks on UNIX systems. Thursday, 11:O0a.m.- 12:30p.m. Track A - Panel - The Security Association Management Protocol (SAMP) Chair: Maj T. Hewitt, USAF NSA Panelists: D. Walters, NIST D. Wheeler, Motorola M. White, Booz. Allen & Hamilton A. Reiss, NSA J. Leppek, Harris Corporation A security association is an agreement between two or more entities that resolves all of the options (negotiable parameters) of the security mechanisms that perform security services for communication. This panel addresses some of the questions, design considerations, and requirements for security associations. Track B - Network Architecture Chair: H.Weiss, SPARTA, Inc. BFE Applicability to LAN Environments T. Benkart, ACC Network Systems The Architecture of Triad: A Distributed, Real Time, Trusted System E.J. Sebes, TIS Constructing a High Assurance Mail Guard R. Smith, Secure Computing Track C - Panel - NSA Concurrent Systems Security Engineering Support To The MLS TECNET Program Chair: B. Hildreth, NSA Panelists: M. Mayonado, Eagan, McAllister Assoc. T. Acevedo, Pulse Engineering, Inc. J. Himes, NSA G. Wessel, NSA R. Blair, NSA R. White, Air Intelligence Agency G. Hurlburt, Naval Air Warfare Center This panel discusses the Concurrent System Security Engineering initiative that NSA is applying to aid TECNET, the Test & Evaluation Community Network. TECNET must evolve the capability for simultaneously processing unclassified and classified data while supporting both cleared and uncleared users. Track D - Panel - Current Issues & Trends in Trusted Product Evaluations Chair: K. Bruso, NSA Panelists: P. Toth, NIST J. Arnold, NSA C. McBride, NSA L. King, NSA M. Hale, NSA J. Pedersen, NSA This panel will highlight the significant accomplishments of trusted product evaluations during the past year. Process improvements will be discussed with particular attention given to the Trust Technology Assessment Program and the Trusted Products Evaluation Program. Track E - Tutorial - Windows NT Security Speaker: J. Williams, Arca Systems, Inc. This tutorial focuses on operational security with distributed PC- based computing, using Windows NT as an example. It discusses security from the perspectives of both clients and servers: exposures and vulnerability, appropriate control measures, and recommended policies and practices. Thursday, 2:00-3:30 p.m. Track A - Networks and Distributed Systems Chair: D. Schnackenberg, Boeing Defense & Space Group Towards a Formal Verification of a Secure and Distributed System and its Applications K. Levitt University of California at Davis Making Secure Dependencies Over a LAN Architecture - for Security Needs B. d'Ausbourg, CERT/ONERA Automatic Generation of High Assurance Security Guard Filters V. Swarup, The MITRE Corp. Track B - Panel - Multilevel Security (MLS) - Current Applications and Future Directions I Chair: Col. J. Sheldon, USA, DISA/CISS Panelists: J. Wiand, USSOCOM R. Myers, USACOM E. Klutz, USACOM LTC T. Surface, USPACOM Maj K. Newland, USSPACECOM P. Woodie, NSA C. West, DISA This panel covers applications and use of multilevel security (MLS) solutions fielded at the US Unified Commands by the Department of Defense MLS Program, and an overview of the NSA Multilevel Information System Security Initiative (MISSI). Track C - Security Implementations Chair: J.Anderson, J.P. Anderson Co. Applying COMPUSEC to the Battlefield S. Arkley, Computer Sciences Corp. Security Requirements for Customer Network Management in Telecommunications V. Varadharajan, Hewlett-Packard Labs. Support for Security in Distributed Systems Using MESSIAHS S. Chapin, Kent State University Track D - Panel - Do You Have the Skills to be a Future INFOSEC Professionals? Chair: V. Maconachy, DISA/CISS Panelists: C. Schou, Idaho State University R. Morris G. Burns, Monsanto Corp. This panel examines the types of skills that wlll be needed to cope with the changing work environment and what types of individual initiatives are required to keep up with advancing technologies and management challenges. Track E - Tutorial - System Security Engineering, Certification, and Accreditation Speaker: J. Sachs, Arca Systems, Inc. This tutorial focuses on engineering and assessment issues in integrating MLS solutions using trusted products, developing the certification evidence, and the accreditation process. Topics include: system security, assurance, trade-offs, and methodologies. Thursday, 4:00- 5:30p.m. Track A - Formal Methods and Modeling Chair: S. Jajodia, George Mason University Belief in Correctness M. Abrams, The MITRE Corp. Towards a Privacy-Friendly Design and Use of IT-Security Mechanisms S. Fischer-Hubner, University of Hamburg Using a Semiformal Security Policy Model 2C a C2 Better M. Schaefer, Arca Systems, Inc. Track B - Panel - Multilevel Security (MLS) - Current Applications and Future Direction II Chair: Col. J. Sheldon, DISA/CISS Panelists: J. Wiand, USSOCOM R. Myers, USACOM E. Klutz, USACOM LTC T. Surface, USPACOM Maj K. Newland, USSPACECOM P. Woodie, NSA C. West, DISA This panel covers applications and use of multilevel security (MLS) solutions fielded at the US Unified Commands by the Department of Defense MLS Program, and an overview of the NSA Multilevel Information System Security Initiative (MISSI). Track C - Views on Vulnerability Chair: R. Wood, NSA A Technical Approach for Determining the Importance of Information in Computerized Alarm Systems J. Lim, Lim & Orzechowski Assoc. ASAM: A Security Certification and Accreditation Support Tool for DoD Automated Information Systems L. Remorca, Secure Solutions, Inc. A Financial Management Approach for Selecting Optimal, Cost-Effective Safeguards Upgrades for Computer- and Information- Security Risk Management S.T. Smith, Barracana, Inc. Track D - Real Lessons Chair: J. Campbell, NSA Security Awareness and the Persuasion of Managers D. Poindexter, CISS The Network Memorandum of Agreement (MOA) Process: Lessons Learned L. Jaworski, TIS Independent Validation and Verification of Automated Information Systems the Department of Energy W. Hunteman, Los Alamos National Laboratory Track E - Tutorial - Information System Security Officer's Challenges Speaker: C. Bressinger, DoD Security Institute This tutorial focuses on the continued protection and accreditation of operational information systems. Topics include: virus prevention and eradication; access control evaluation and configuration; media clearing and purging; intrusion detection and handling; and dealing with risk. Thursday, 6:00 p.m. Awards Ceremony followed by Awards Reception at the Baltimore Convention Center Friday, 9:00 - 10:30 a.m. Track A - Panel - Highlights of the New Security Paradigms `94 Workshop Chair: E. Leighninger, Co-Program Chair Formal Semantics of Confidentiality in Multilevel Logic Databases A. Spalka, University of Bonn Healthcare Information Architecture: Elements of a New Paradigm D.Essin & T. Lincoln Communication, Information Security and Value J. Dobson, University of Newcastle Fuzzy Patterns In Data T.Y. Lin, San Jose State University Track B - Panel - Prominent Industry-Sponsored Security Architectures Currently Under Development Chair: M. McChesney, SecureWare Panelists: R. Schell, Novell, GSA B. Dwyer, Hewlett-Packard, DCE This panel discusses the Distributed Computing Environment Security Servicing, the NoveIl Global Security Architecture, and the Extended Global Security Architecture; how they relate to one another and how they might evolve in the future to provide compatible security functionality. Track C - Panel - Provisions to Improve Security on the Internet Chair: H. Highland Panelists: F. Avolio, Trusted Information Systems, Inc. S. Bellovin AT&T Bell Laboratories M. Bishop, University of California, Davis W. Cheswick, AT&T Bell Laboratories Dr. J. David, The Fortress Colonel F. Kolbrener A. P. Peterson, P.E., Martin Marietta This panel discusses what Internet has done to promote net security the specific risks of operating under TCP/IP, and what can be done quickly and easlly to promote net security. Track D - Panel - Computers at Risk (CAR) Recommendations: Are They Still Valid? Chair: H.Tipton, CISSP, Member of the CAR Committee, Member of the GSSP Committee Panelists: W. Ozier, Ozier Peterse & Assoc. S. Walker, Trusted Information Systems E. Boebert, Secure Computing Corp. Panelists revisit the CAR committee recommendations in view of the information security environment today. Track E - Panel - IT Security Resources Panelists: K. Everhart, NIST M. Swanson, NIST B. Lau, NSA N. Lynch, NIST This session presents an overview of major sources of information on IT security and a model for acquiring, disseminating, and managing security- relevant information resources. Friday, 11:00 a.m. - 12:30 p.m. CLOSING PLENARY "Security, Privacy, and Protection issues in Emerging Information Infrastructures" Distinguished Panel: Professor Anthony Oettinger (Co-Chair) Chairman Program on Information Resources Policy Harvard University Dr. Brian Kahin (Co-Chair) Director Information Infrastructure Project Science, Technology and Publlc Policy Program Harvard University Robert Lucky Vice President Applied Research Bellcore Fred M. Briggs Senior Vice-President and Chief Engineering Officer MCI ------------------------------ Date: 31 May 1994 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. [EXCERPT ONLY] ARCHIVES: "ftp crvax.sri.comlogin anonymousYourName cd risks: Issue j of volume 16 is in that directory: "get risks-16.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories. See risks-15.75 for WAIS info. To search back issues with WAIS, use risks-digest.src. With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html. ------------------------------ End of RISKS-FORUM Digest 16.33 ************************