Infosecurity Europe: Lord Erroll calls for greater punishment for cybercrime

28 April 2009

Lord Erroll stole the limelight and the audience’s attention on the ‘Who got caught out the last 12 months’ keynote panel at the Infosecurity Europe show in London on 28 April 2009 by calling for greater penalties and repercussions for cybercrime.

 

Chaired – ironically – by head of security and business continuity for HMRC, Jeff Brooker, who began by assuring the audience that “HMRC doesn’t count as getting caught out, because the breach was more than twelve months ago”, the panel also consisted of Dan Blum, senior vice president and principal analyst, Burton Group, and Julia Harris, head of information security at the BBC.
 
Lord Erroll told delegates that, without doubt, we are experiencing a huge increase in risk due to the tough economic climate. “Are there incentives not to commit e-crime?” he asked, shortly concluding that there are not, and that more regulation is called for. “E-crime punishment is not heavy enough – the information commissioner (ICO) needs greater powers, the role is there to protect us. Perhaps the ICO should even have power to lock e-criminals up”.
 
Moving on to the subject of ID cards, Lord Erroll highlighted his concern for “the potential misdirection” that a huge centralised database could create. “The ID card creates a single point of potential failure, which in turn creates more pain for the victim”.
 
“I’m not sure that it’s useful to attach a single number or name [ID card] to a human being”, said Lord Erroll. “I can certainly see the potential dangers outweighing the good”. Speaking honestly, he continued, “It’s dangerous to hand over that much control. In fact, I think the whole thing is ‘dead dodgy’. I’m certainly against an ID card that can be used to check up on what we’re doing”.
 
Julia Harris, head of information security with the BBC, spoke of the limitations of education. “You need to make it easy to be secure, and not give your users any choice. No matter what you educate them, they’ll click on any link they see – especially those that pander to their ego. Business pressures will result in people breaking policy”, Harris said.
 
“The information security industry is more likely to survive this recession than the last one – whereas security used to be seen as an overhead, it’s now becoming known as a necessary evil”.
 
Harris’ advice for avoiding becoming one of the many companies “that get caught out” included “moving controls closer towards the data. Don’t trust your internal network any more than the internet”. Automate controls for programmers to run their code, and watch what’s going out onto your website, Harris continued.
 
‘What’s the secret for convincing senior management to invest in information security?’ one audience member asked Harris. “The fear that they’ll end up on the front page of the Daily Mail is enough to make security an easier sell” replied Harris. “Reputation is very important”.
 
Dan Blum, senior vice president and principal analyst, Burton Group, observed that “we’ve all been caught out by this new information society. In this information world, we don’t have absolute secrecy”.
 
 
 
 

 

This article is featured in:
Compliance and Policy  • Data Loss  • Public Sector  • Security Training and Education

 
