More training needed to meet security threats

IT specialists need more training in how to build systems that prevent security breaches and comply with the law, and end-users...

IT specialists need more training in how to build systems that prevent security breaches and comply with the law, and end-users need to learn how to preserve evidence to aid police with investigations into e-crime, the BCS has said.

The BCS believes more could be done to prevent e-criminals escaping punishment - including the tightening up of inconsistencies in the law and in procedures between countries.

In a position statement on e-crime, the BCS commended efforts to improve the training of prosecution authorities and increase the number of well-trained police officers.

However, the statement also said, "Government surveys suggest that many serious incidents do not result in prosecution. This may be due to the lack of knowledge in organisations about processes for gathering evidence - guidelines from the Association of Chief Police Officers set these out.

"We would support a major drive to train staff in evidence gathering relating to IT. This would enable police time to be better deployed and result in less effort in dealing with offenders.

"We believe the quality of evidence gathering and preserving software may cause concern in the future, and we would support efforts to impose certification on such products.

"We are also concerned that users may not identify an incident because the software or hardware they use does not perform reliably. We would support efforts to improve software quality."

Systems designers also need more training, according to the BCS.

"Precision is essential for IT systems to work, but clarity of the law is difficult to obtain in many areas, in the absence of case law and precedents. It is therefore often difficult to design systems so that the law is complied with, and inadvertent breaches take place," the society said.

"We would support efforts to provide clear guidance to systems developers relating to legal obligations in order to assist in system design."

Another important issue highlighted by the BCS is that interpretations of the law can make it difficult to achieve successful prosecutions.

This applies internationally as well as in individual countries. "We support greater international harmonisation of laws on e-crime and of the processes for addressing all crimes committed in a computer environment," it said,

BCS position papers and responses on public issues

Read more on IT risk management