RSA Europe, 2005 Global cooperation on information security is still at the pipe-dream stage if a panel at the RSA Security conference this week is anything to go by.

The panel, chaired by Dame Pauline Neville-Jones, debated how the world can counter the international challenge of information security, but the panellists displayed little consensus on the issue.

The European Commission is also working towards common European policy or legislation. Smith also outlined recent OECD work focussed on: identity, critical infrastructure protection, malware and the regulation of internet content. He believes content regulation is inevitable even if it varies a lot from country to country.

Michael Colao, director of information management at Dresdner Kleinwort Wasserstein, was less convinced that regulators were on the right track.

Colao said: ”We’ve been hearing for a long time about convergence and unified laws – I just don’t see it. It is not being addressed at a pace which we can see.” He pointed to recent action taken by the French IT regulator against several US firms because their obedience to US laws, Sarbanes-Oxley, put them in conflict with French data laws. He said local laws effectively become international laws for multi-national companies. He said some legislation is so vague as to be useless and some, such as Italy’s insistence on eight letter rather than seven letter passwords, so specific as to quickly become redundant.

He said the real problem was a decline in personal responsibilty and that users had to take responsibility for their own machines.®

Related stories

• Competition results Google Earth: the black helicopters have landed (14 October 2005)
• Arrests 'unlikely' to impact botnet threat (13 October 2005)
• Phishing attack targets one-time passwords (12 October 2005)
• EU outlines future net governance (30 September 2005)