SAN FRANCISCO - Information protection (IP) on the threshold of the 21st Century is a rapidly changing, dynamically evolving arena of endeavor. IP practitioners in corporations and government agencies throughout the world are being pushed to their limits--grappling simultaneously with the feverish building of intranets, the rapid roll-out of electronic commerce sites, the ever-increasing need to deploy encryption technology and other full-throttle initiatives. The Computer Security Institute's Fall 1998 Computer Security Journal, Vol. XIV, Number 4, (CSJ) offers some invaluable insights and practical recommendations to assist in the daunting tasks at hand.

In "Intranet Security Guidelines: How to Protect the Enterprise while your Intranet Grows," Michael Corby, CISSP, and Robert Johnston, CISSP, of Corby and Associates (www.mcorby.com) provide an extensive set of recommendations. Following their lead, you will be able to see that the benefits derived from your organization's intranet are not lost due to the new vulnerabilities it opens up.

In "Critical Security Flaws in Electronic Commerce Systems," Phil Moyer of Hyperon (www.hyperon.com) shows that something is seriously wrong with many e-commerce system designs, then offers suggestions on how to correct the mistakes before it is too late.

CSI's Fall '98 CSJ also explores some new information protection technologies. In "Elliptic Curve Cryptography Delivers Security for Electronic Commerce," Paul Lambert of Certicom (www.certicom.com) provides insights into what information protection practitioners can expect from choosing Elliptic Curve Crypto (ECC) for electronic commerce and communications. In "Fingerprint Biometric Devices," Ben Rothke, CISSP, of Ernst and Young LLP (www.ey.com) examines the pros and cons of using biometric devices for user authentication. The Computer Security Journal, now published quarterly, is one of the many benefits of membership in the Computer Security Institute, such as the 10-page monthly Computer Security Alert. Non-members can purchase individual issues for $25 each. To order, call 415-947-6320.

CSI, established in 1974, is a San Francisco-based association of information security professionals. It has thousands of members worldwide and provides a wide variety of information and education programs to assist practitioners in protecting the information assets of corporations and governmental organizations.