RSS Alerts

Related Stories

  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • The PCI Paradox - why PCI DSS isn't preventing data breaches
    PCI DSS has been criticized as being both too prescriptive and too vague. The standard’s effectiveness has come under scrutiny once again as PCI compliant organizations have suffered huge data breaches in recent times. Danny Bradbury looks at the standard to find the root of the problem
  • A Blueprint for Secure Intellectual Property
    Protecting intellectual property (IP) is imperative for any business. Providing a unique business model will encourage revenue, and keeping selected information from ambitious soon to be ex-employees should help to stave off the competition. Add a recession to the mix, complete with unscrupulous tactics, legal grey areas and an increase in redundancies, and the brewing threats might just boil over. Rob Stringer looks into the not-so-secret formula for keeping intellectual property secure
  • Securing the Friendly Skies
    Aviation security and information security are inextricably linked. So much of what makes up aviation security depends on sound information security; encompassing the protection of intelligence, procedural, systems, and network data. For all-too-obvious reasons, much of what goes on behind the scenes at airports with respect to information security is a closely guarded secret, whether it is the alphabet soup of governmental agencies in play or the airlines themselves. Drew Amorosi reports
    Members' Content
  • Music File-Sharing Enters a New Decade
    The recording industry continues to lose billions of dollars each year, along with tens of thousands of jobs, all thanks to illegally downloaded files. Lauren Moraski examines what is being done to combat the drain on this sector

News

McAfee Calls for More Legal Measures on Cybercrime

05 December 2008

ISPs, banks and software vendors must be legally persuaded to take a more prominent role in fighting cybercrime, warns a report from McAfee released Tuesday 9 December. The firm's Virtual Criminology Report calls for more law enforcement training and more liability for software vendors, along with legal incentives for ISPs as the 'front line' for anti-cybercrime measures.

ISPs need legal incentives to work with law enforcement and other service providers, said a draft version of the report, while stronger security breach disclosure requirements are required beyond what it calls "stopgap measures at a state level" in the US.

"Banks in particular must be given strong legal and commercial incentives to introduce more secure technology and better fraud detection systems, or they will inevitably cut margins on security as they struggle to ride out the credit crunch," it added.

Software vendors should be subject to limited liability measures when not following best practice security measures in design and operation, said the report, singling out browsers and email clients as particular areas for concern. This global recommendation mirrors advice given by the House of Lords in the UK last year, which the Government there largely ignored.

Anti-cybercrime efforts are also crippled by a lack of interenational co-operation, said the document, which hinted that senior officials in Russia have links to organised crime. "The implication is that elements of Russia's intelligence agencies are protecting the country's cybercriminals," said the report, referring to comments made by security experts.

The international community has tried to formalise domestic laws to an international standard with the Cybercrime Convention, created by the Council of the European Union in 2001. However, of 45 countries that signed the Convention, only half (including the US) have ratified it, said the report.

"The Council of Europe tried to set some common ground for dealing with cybercrime, but that’s a first step," said Greg Day, EMEA security analyst at McAfee. "We still need to educate the public in terms of how they keep and pull together the forensics and evidence. Then law enforcement needs the expertise to process that."

The US is ahead of the rest of the world in terms of cash investment in cybersecurity, according to the report. The Department of Homeland Security spent $155m on cybersecurity this year, and is gunning for $200m next year, it said. But the National Cybersecurity Initiative has come under fire for irresponsible spending on areas such as domestic surveillance rather than fighting direct attacks, the report concluded.

 

This article is featured in:
Compliance and Policy

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water