# 94-20

Contents


        SPAudit Program Update
        IEEE Security and Privacy Newsletter
        Certified Software Manager Course
        Final Report - - NIDES


1.  The Software Publishers Association has updated its SPAudit program
to version 3.1.  The program now identifies the version of the software
program.  There is also an enhanced option to select all available drives
for a search operation.  The Self-Audit Kit, which includes the program and
several brochures, remains free by calling 1-202-452-1600 for US and Canada.
In Europe one may call 33-1-45-63-02-02.

2.  The Newsletter of the IEEE Computer Society's Technical Committee on
Security and Privacy issued its second electronic edition on 5 Dec 94.  The
hypertext version is available at http://itd.nrl.navy.mil/ITD/5540/ieee/cipher.
Carl Landwehr, the editor, has done a commendable job in putting the Newsletter
together.  If one wishes a direct subscription, send e-mail to <cipher-request@
itd.nrl.navy.mil> with the subject line "subscribe".  The subscription process
is not automatic, but you do receive an acknowledgement upon enrollment.

3.  The Software Publishers Association has announced its January-April 1995
schedule for the Certified Software Manager's Class.  The locations are
throughout the US with stops in Toronto and Vancouver.  The course fee remains
$395.00 with a $100.00 reduction for additional attendees from the same
organization.  One may contact Becky Howland for course details at 202-452-1600
(extension 367).

4.  SRI International has issued "Next Generation Intrusion Detection Expert  
System (NIDES) Final Technical Report", A008, November 16, 1994.  The report
is an excellent overview of where NIDES stands at the present time.  Unlike
some of the previous NIDES documentation this report is easily accessible to
managers and to those (such as myself) who know just enought to be dangerous.
The authors are Debra Anderson, Thane Frivold and Alfonso Valdes.  I highly   
recommend the report for those interested in intrusion detection tools.


[Disclaimer:  Information Systems Security Updates represent the
opinions and views of the author, not his employer.  Recipients
are free to quote all/parts of the ISSU with credit/blame to the
author.]