RSS Alerts

Share

More services

Related Stories

  • Information security in China: A license to print money
    With 200 million internet users in China, and a predicted annual growth rate of 17% for the information security market until 2013, why would security vendors want to go anywhere else? William Knight investigates
  • Cybercrime Knows No Borders
    Prosecuting cybercrime is no easy task. Even with today’s forensic capabilities, legal inadequacies in various jurisdictions, not to mention uneven enforcement, make stemming the tide a rather daunting task. Lauren Moraski reports on the complications
  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • Comment: Where the CISO Should Sit
    The CISO position is making a comeback, but if not strategically positioned in an organization, it can become a powerless figurehead – competing for mindshare and budget with other “functional” operations. Ed Adams of Security Innovation points out why a CISO can be far more effective if reporting to the CEO (or highest ranking risk officer) instead of the CIO

Top 5 Stories

News

McAfee Calls for More Legal Measures on Cybercrime

05 December 2008

ISPs, banks and software vendors must be legally persuaded to take a more prominent role in fighting cybercrime, warns a report from McAfee released Tuesday 9 December. The firm's Virtual Criminology Report calls for more law enforcement training and more liability for software vendors, along with legal incentives for ISPs as the 'front line' for anti-cybercrime measures.

ISPs need legal incentives to work with law enforcement and other service providers, said a draft version of the report, while stronger security breach disclosure requirements are required beyond what it calls "stopgap measures at a state level" in the US.

"Banks in particular must be given strong legal and commercial incentives to introduce more secure technology and better fraud detection systems, or they will inevitably cut margins on security as they struggle to ride out the credit crunch," it added.

Software vendors should be subject to limited liability measures when not following best practice security measures in design and operation, said the report, singling out browsers and email clients as particular areas for concern. This global recommendation mirrors advice given by the House of Lords in the UK last year, which the Government there largely ignored.

Anti-cybercrime efforts are also crippled by a lack of interenational co-operation, said the document, which hinted that senior officials in Russia have links to organised crime. "The implication is that elements of Russia's intelligence agencies are protecting the country's cybercriminals," said the report, referring to comments made by security experts.

The international community has tried to formalise domestic laws to an international standard with the Cybercrime Convention, created by the Council of the European Union in 2001. However, of 45 countries that signed the Convention, only half (including the US) have ratified it, said the report.

"The Council of Europe tried to set some common ground for dealing with cybercrime, but that’s a first step," said Greg Day, EMEA security analyst at McAfee. "We still need to educate the public in terms of how they keep and pull together the forensics and evidence. Then law enforcement needs the expertise to process that."

The US is ahead of the rest of the world in terms of cash investment in cybersecurity, according to the report. The Department of Homeland Security spent $155m on cybersecurity this year, and is gunning for $200m next year, it said. But the National Cybersecurity Initiative has come under fire for irresponsible spending on areas such as domestic surveillance rather than fighting direct attacks, the report concluded.

This article is featured in:
Compliance and Policy

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012