SAN FRANCISCO - Information security practitioners face numerous and diverse challenges-from securing Windows NT environments to managing the risks inherent in the relentless drive toward the outsourcing of vital services to writing coherent, effective policies and procedures. The Summer '99 issue of the Computer Security Journal (Vol. XV, No. 3) delivers expert insights on these and other timely subjects.

In the CSI Roundtable on "Outsourcing: Managing Related Security Risks," a panel of experienced practitioners examines the many new risks created by the demand for outsourcing. In a candid and in-depth discussion, the participants offer some sage advice on how to deal with problems that may well arise.

In "Advanced Windows NT Security: Network Security," the second in a two-part series, Dr. E. Eugene Schultz, Ph.D., CISSP of Integrity Solutions International, a subsidiary of Science Applications International Corp. (SAIC) and instructor for CSI's highly popular class on "Windows NT Security," explores the technical problems of securing NT networks. Many of the security issues are complex, and Dr. Schultz provides recommendations.

In "Policies and Procedures: A Guide to Rule Writing," Genevieve M. Burns, CISSP, one of the leading information security authorities, offers a helpful primer that guides you through the step by step process of developing strong, sound documents.

In "E-Commerce Demands a New Set of Rules for Security Professionals," Venkat Raghavan and Robin Mejia of DASCOM articulate how a new approach to authorization infrastructure is can help you secure and thus enable Web-based business.

In "Generally Accepted System Security Principles (GASSP) Broad Functional Principles," Will Ozier and the GASSP Committee unveil the fourteen Broad Functional Principles of the GASSP, complete with rationales and examples. The GASSP is an important, on-going effort to provide guidelines for the building of comprehensive information security programs.

The Computer Security Journal, published quarterly, is one of the many benefits of membership in the Computer Security Institute, such as the 10-page monthly Computer Security Alert.

Non-members can purchase individual issues for $25 each. To order, call 415-947-6320.