Big IT projects must include e-crime measures

IT directors' forum: News and views from last week's conference

IT directors' forum: News and views from last week's conference.

Major public sector IT initiatives should incorporate e-crime reporting mechanisms from the outset and liaise closely with the National High-Tech Crime Unit, John Lyons, the unit's crime reduction co-ordinator, told senior IT chiefs at this year's IT Directors' Forum.

"We want to be in on the ground with major projects such as those being undertaken by the NHS, the Criminal Justice Department, the Inland Revenue, and the Ministry of Defence," he said.

Forecasting unprecedented growth in e-crime for 2003, Lyons called on businesses to report all incidents of organised high-tech crime to provide his unit with the intelligence it needs to crack down harder on e-crime.

"We want to reassure businesses that they can come to us in confidence," said Lyons, guaranteeing a secure environment to do so under the NHTCU's confidentiality charter. "Our background is handling serious crime, handling informants and establishing trust. We also understand the business issues."

One problem many IT directors face is that companies do not invest in IT security until after the organisation has suffered attack and serious loss. Part of the reason is that board members do not have access to facts about the level of risk.

"We need intelligence from the coalface to pull it all together and tackle e-crime in the right way," said Lyons. "We are asking companies to share their information about attacks with us. We will sanitise it by keeping confidentiality, then aggregate it and pass back the combined information to them."

Conference quotes:  The changing role of IT directors      

"I find that only a third of IT directors these days actually come from an IT background, the job is about vision and control, rather than technology."  John Varney, CTO, BBC   

 "There is going to be a time where there are two IT directors: one for technology issues and one for the business."   Terry Foster, chief executive, Meta Group   

"IT directors are looking at Linux from the cost and business perspective, rather than from an evangelical point of view - evangelists do not run business."  Graham Taylor, programme director, OpenForum Europe

Read more on IT risk management