U.S. Government agencies belatedly address information system security issues

doi:10.1016/0167-4048(88)90575-5

Computers & Security

Volume 7, Issue 4, August 1988, Pages 361-366

https://doi.org/10.1016/0167-4048(88)90575-5 Get rights and content

First page preview

Click to open first page preview

View PDF

Reference (1)

StollD.
Stalking the wily hacker
Commun. ACM
(May 1988)

Cited by (2)

An evaluation of HP-UX (UNIX) for database protection using the European ITSEC
1992, Computers and Security
This paper describes an evaluation of the effectiveness of two versions of Hewlett Packard's UNIX operating system, HP-UX, to protect a sensitive database set up under the ORACLE Data Base Management System, using Version 1.0 of the European Information Technology Security Evaluation Criteria (ITSEC) as the basis for the evaluation. An outline of these criteria is given, along with mention of the US Trusted Computer System Evaluation Criteria (TCSEC) for comparison purposes. The research project reported in this paper was aimed at determining the level of effort required to perform such an evaluation and also the relevance of the ITSEC to commercial environments where information systems security, incorporating authenticity, integrity and privacy, are of paramount concern. Two successive releases of the HP-UX operating system were found to be markedly different when evaluated from the ITSEC point of view, with the latter version being quite effective in maintaining security parameters. It was also concluded that evaluations are time consuming but can have positive implications for commercial systems developers.
The helminthiasis of the Internet
1991, Computer Networks and ISDN Systems
The helminthiasis (infestation with, or disease caused by parasitic worms) of the Internet was the result of a self-replicating program that infected VAX computers and SUN-3 workstations running the 4.2 and 4.3 Berkeley UNIX code. The worm disrupted the operations of computers by accessing known security loopholes in applications closely associated with the operating system. Despite system administrators' efforts to eliminate the program, the infection continued to attack and spread to other sites across the United States.

^*

Belden Menkus has been a full-time consultant to management since 1968. He is accredited by the Society of Professional Management Consultants (SPMC) and is a Certified Information Systems Auditor, a Certified Records Manager and a Certified Systems Professional. He writes and lectures extensively on various aspects of business management. He is executive editor of Journal of Systems Management and a regular contributor to Software News, Administrative Management, EDP Auditor and Business Insurance. In addition, he is a member of the editorial board of Corporate Crime and Security, and the editor of Data Processing Auditing Report.

He is a Fellow of both the British Institute of Administrative Management and the American Association of Criminology. He is a member of the Board of the EDP Quality Assurance Institute, and the Panel of Arbitrators of the American Arbitration Association, the Association for Systems Management, the New York Crime Prevention Council, and the Business Forms Management Association.

He has twice been awarded the silver medallion of the American Management Association and has received the distinguished service citations of both the National Micrographics Association and the Association of Records Executives and Administrators. He has been named a life honorary member of the Federal Emergency Management Administration Staff College faculty.

View full text

Computers & Security

U.S. Government agencies belatedly address information system security issues

First page preview

Stalking the wily hacker

Commun. ACM

An evaluation of HP-UX (UNIX) for database protection using the European ITSEC

The helminthiasis of the Internet