SAN FRANCISCO - How serious is the threat of information warfare attacks against telecommunications, power grids and other infrastructure targets? According to U.S. intelligence reports, over 120 nations are currently developing both offensive and defensive capabilities in the information warfare arena. The Russian government has called on the United Nations to begin work on a global treaty regarding the danger of such activity. And the U.S. government has agreed to debate relevant information security issues in the U.N. during 1999.

Even if your enterprise is not the specific target of such an attack, the impact could well devastate your operations. Is your organization prepared? What do you need to know? What do you need to plan for? What do you need to factor into to your risk analysis?

CSI's Winter '99 issue of the Computer Security Journal (CSJ) focuses on information warfare and its practical impact on the work of information protection practitioners in corporations and government agencies throughout the world.

Does your enterprise's increasing reliance on satellite technology for business communications and commerce make you vulnerable? What opportunities and exposures does the looming Y2K crisis hold vis-a-vis information warfare? Have you considered your exposure to Psychological Operations (Psy-Ops) conducted by your competitors and adversaries? How serious is the threat from High Energy Radio Frequency (HERF) weapons?

In a candid, freewheeling "CSI Roundtable on Information Warfare," a panel of experts, including Keith A. Rhodes of the U.S. General Accounting Office (Washington, DC), Joseph Ruffini and Lois Miller of Systems Technology Associates (Colorado Springs, CO.), Lawrence Deitz of Current Analysis (San Mateo, CA) and CSI's own Richard Power, tackles these and other timely questions.

In "Information Warfare and Security: Seizing the Signals," Dr. Dorothy Denning of Georgetown University (Washington, D.C.) explores the range of threats to your organization's electromagnetic signals, from eavesdropping and cellular intercepts to Van Eck receptors, sabotage and jamming.

Of course, the Winter '99 issue also continues CSJ's in-depth coverage of the many, diverse aspects on information protection. For example, "Methods of Securing Applications for the World Wide Web," by Dr. Rolf Oppliger of the Swiss Federal Office of Information Technology and Systems (BFI), examines some available methodologies for securing your enterprise's Web presence.

In "Fighting Computer Crime: Good and Bad Control Objectives," Donn B. Parker of SRI International (Menlo Park, CA) provides fourteen control principle guides, including 27 specific control principles, to help you meet the threats from "Information Age" crime.

This rich and varied issue of CSJ also delivers sample policies and procedures on "Unauthorized Use," "Password Guidelines" and "E-Mail Security" from the Principal Financial Group (Des Moines, IA), winner of CSI's 1998 "Information Security Program of the Year Award."

The Computer Security Journal, now published quarterly, is one of the many benefits of membership in the Computer Security Institute, such as the 10-page monthly Computer Security Alert. Non-members can purchase individual issues for $25 each.To order, call 415-947-6320.

CSI, established in 1974, is a San Francisco-based association of information security professionals. It has thousands of members worldwide and provides a wide variety of information and education programs to assist practitioners in protecting the information assets of corporations and governmental organizations.