Speaking at last week's Compsec IT security conference, Neville-Jones, a former chairwoman of the government's joint intelligence committee, said, "I am not advocating tighter regulation." Instead, she suggested that better dialogue between security specialists, lawyers and legislators would lead to more resilient systems and less intrusive legislation.
Neville-Jones added that the main underlying issue was to ensure trust in future IT systems.
Elsewhere at the conference, Peter Kaye, the Bank of England's Security Advisor, said that no one solution could ensure strong IT security.
IT security is bespoke and solutions would all be specific to each company, Kaye said.
Kaye's formula for assessing risk is to calculate the probability of a security breach and its impact on the organisation, and balance that against the countermeasures in place.
He advised companies to adopt the classic military "OODA" approach (to observe, orientate, decide, and then act).