The rising tide of cybercrime could result in more intrusive regulation and legislation of IT, corporate security chiefs have been warned.
Speaking at Compsec, the UK's main IT security conference, Dame Pauline Neville-Jones, chair of defence technology agency Qinetiq, said advances in networking technology had raised new headaches over IT security and how to improve it.
Neville-Jones, who was a recent chair of the government's Joint Intelligence Committee, said that rising fears over cybercrime increased the likelihood of government intervention in a bid to bolster trust in e-business.
"I am not advocating tighter regulation," she said, arguing that better dialogue between security specialists, lawyers and legislators would lead to more resilient systems and less intrusive legislation.
Neville-Jones added that the main underlying issue is to ensure trust in future IT systems. "All freedom depends on trust," she said. "That is a central feature of a democracy."
Elsewhere at the conference, Peter Kaye, the Bank of England's Security Advisor, said that no one solution could ensure strong IT security.
IT security is bespoke and solutions will all be specific to each company, Kaye said.
"There will be a synergy of elements used in different emphases relating to different people in different situations," he said. "Security problems tend to be very specific."
Kaye's formula for assessing risk is to calculate the impact and probability of a security breach on the organisation and balance that against countermeasures in place.
He advised companies to adopt the classic military "OODA" approach (observe, orientate, decide, and then act) to keep one step ahead.