Spam is not an issue for IT security managers

All too frequently, companies look to their IT security managers to solve their spam problems.

All too frequently, companies look to their IT security managers to solve their spam problems.

But spam is not a security issue and should not be a matter of central control, according to Les Fraser, deputy chairman of the British Computer Society's security expert panel.

Writing for the Computer Weekly Infosecurity User Group's website, Fraser argued that the spam debate has delivered little of substance and questioned what all the fuss was about.

"Various figures quoted suggest that more than 40% of all e-mail traffic is spam. But what does the term mean?" he said.

 "If spam is defined as unsolicited e-mail, then most e-mail is unsolicited, in practice. If spam is advertising e-mail, then since when was advertising a crime? If spam is whatever you as an individual want to complain about, that is an entirely different, and quite subjective definition."

Fraser concluded that spam is not a matter for IT security chiefs.

"Although there is a need for debate on the ethics of use/abuse of technology, I do not see that spam is a security issue, nor is a matter for bureaucratic control," he said.

What is the CW Infosecurity Group?
Now in its second year, the Computer Weekly Infosecurity User Group is a joint venture by Computer Weekly; Reed Exhibitions, which runs the annual Infosecurity exhibition and conference; and Elsevier Science, which runs the annual Compsec IT security conference and publishes security-related journals. 

The CWIUG is a free of charge network for anyone with IT security responsibility in a UK IT user organisation - it is not intended for those in the supplier or consultancy communities.  

The regular meetings, usually with corporate IT security managers talking on issues chosen by CWIUG members, are held under strict confidentiality rules. The CWIUG also has an informal relationship with the British Computer Society to keep each other up-to-date with each organisation's activities.

Read more on IT risk management