Tag Archives: law

ISNow – Internet Security

The following introduction was originally published in the BCS Information Security Now Magazine, Autumn 2008 issue (Volume 3, Issue 1), which was on the topic of Internet Security:

“There is a lot of talk about the Internet being a lawless Wild West, but in reality much can be, and is being done, to address Internet security. So who are the players and what can they do to help?

  • Law Makers should draft laws and regulations in such a way that they can cope with rapid technology change and are applicable in an international context.
  • Law Enforcement should work in partnership with ISPs and security & safety initiatives and develop effective international co-operation with other jurisdictions.
  • Security & Safety Initiatives, such as Get Safe Online and the Internet Watch Foundation (IWF), should receive adequate funding & support and be promoted.
  • ISPs should apply good security practice, self-regulate, support law enforcement and security & safety initiatives and pro-actively deal with abuse reports.
  • Vendors should ensure that their products are developed robustly and securely, be responsive to vulnerability disclosures and educate their users on secure use.
  • Security Researchers should be responsible when disclosing information on critical vulnerabilities, especially when hard to fix or exploitation would have a significant impact.
  • Online Services, especially banking and e-commerce websites, should operate securely and educate their users as to online risks and secure use.
  • Users should comply with their ISP’s acceptable use policies and local laws along with paying attention to security & safety initiatives targeted at them.

As can be seen above, there are many players involved in Internet security and safety – and no solution is possible without working with them all.”

A PDF version of the magazine is available online at:


124Law – Enterprise Security

The following article was originally published in 124Law Magazine, April 2007 issue (Issue 6), broadly based on the introduction from the BCS Information Security Now Magazine, Autumn 2006 issue (Volume 1, Issue 1):

Enterprise Security
“Nothing to do with a Starship, but is nevertheless about a voyage of discovery into the new and unknown. Law businesses are becoming more interconnected and mobile, network boundaries are eroding, providing more ways for attackers to compromise them. Enterprises need to find new ways of understanding, and coping; to boldly go where some, but not that many, have gone before.

Law firms are now often wholly reliant on electronic processing of information for their existence and financial well-being. As a result, it is more critical than ever for enterprises to take the necessary measures to ensure information remains private, accurate and available at the point of need. Solicitors’ professional ethos and now the law require this.

Information is distributed among known critical back office systems, other operation or practice management systems, the (often mobile) workforce and the systems of other third (and fourth!) parties. All firms need to ensure that they have the skills to ensure appropriate contractual, procedural and technical controls and that these controls are maintained and reviewed.

We face a growing and changing landscape of exposure to vulnerabilities, with attackers more eager than ever to exploit, often before there is a direct mitigation. Financial gain is a great motivator – maybe defenders should learn this lesson as well as the attackers.

Everyone has to realise that the demilitarized zone (DMZ) has been occupied and the concept of a trusted network needs consigning to the history books. Every system must be able to defend itself from its neighbour, because it will often be impossible to identify friend or foe.

Innovate – Don’t Legislate
Over recent years, there has been an increase in legislation and regulation, both national and international, affecting businesses. The coverage has been broad and shows no sign of abating. Technology is no fix in itself and poorly drafted and misapplied rules do little to help, and often hinder.

As we see increased demands for data privacy, protection, interception, retention, breach notifications and computer misuse, some governments are working around their own rules to access or share information in a way that might be incompatible with legal and official procedures.

Firms should be aware of and engage more in consultations and lobbying related to forthcoming legislation and regulations that may affect them. If bad ideas or drafting reach the statute book, unintended consequences may well impact on us in a way that damages our ability to be effective businesses, and countries. Though ever busy, we must keep up a vigilant overview.”

A PDF version of the magazine is available online at: