Feeds

International laws for international crimes

One ring to bind them all

SANS - Survey on application security programs

RSA Europe, 2005 Global cooperation on information security is still at the pipe-dream stage if a panel at the RSA Security conference this week is anything to go by.

The panel, chaired by Dame Pauline Neville-Jones, debated how the world can counter the international challenge of information security, but the panellists displayed little consensus on the issue.

Geoff Smith, a policy maker at the DTI, began by explaining the international action already under way. The UN World Summit on the Information Society met in Geneva two years ago and will meet again in December in Tunis. It is looking at funding and internet governance. Smith said the outcome was still uncertain.

The European Commission is also working towards common European policy or legislation. Smith also outlined recent OECD work focussed on: identity, critical infrastructure protection, malware and the regulation of internet content. He believes content regulation is inevitable even if it varies a lot from country to country.

Michael Colao, director of information management at Dresdner Kleinwort Wasserstein, was less convinced that regulators were on the right track.

Colao said: ”We’ve been hearing for a long time about convergence and unified laws – I just don’t see it. It is not being addressed at a pace which we can see.” He pointed to recent action taken by the French IT regulator against several US firms because their obedience to US laws, Sarbanes-Oxley, put them in conflict with French data laws. He said local laws effectively become international laws for multi-national companies. He said some legislation is so vague as to be useless and some, such as Italy’s insistence on eight letter rather than seven letter passwords, so specific as to quickly become redundant.

He said the real problem was a decline in personal responsibilty and that users had to take responsibility for their own machines.®

Top three mobile application threats

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.