Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Cybersecurity group looks to Europe for help

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Cybersecurity group looks to Europe for help
Date: Tue, 28 Jun 2005 02:24:15 -0500 (CDT) 
http://www.computerworld.com/securitytopics/security/story/0,10801,102825,00.html

By Scarlet Pruitt
IDG NEWS SERVICE
JUNE 27, 2005 

There isn't a colored alert system indicating the threat level faced
by global information systems. But if there were, former White House
security director Paul Kurtz figures it would be bright orange for
"high risk."

"It's not appropriate to say the sky is falling, but I do think we are
taking information security for granted," Kurtz said during an
interview on Friday.

It's this concern that prompted Kurtz, executive director of the Cyber
Security Industry Alliance (CSIA), to come to Europe last week. CSIA,
a public-policy advocacy group focused on cybersecurity issues, was
launched in February 2004 by a handful of IT security firms, including
RSA Security Inc., McAfee Inc. and Symantec Corp. It's now seeking to
expand its membership in Europe and begin tackling issues across the
Atlantic.

Industry representatives approached Kurtz about his current job early
last year, while he was serving as special assistant to the president
and senior director for critical-infrastructure protection on the
White House's Homeland Security Council. Those roles left him
responsible for both physical and cybersecurity issues.

"At first, I thought Washington needs a new association like a hole in
the head. But then after I thought about it, I elected to leave the
White House," Kurtz said. Part of the reason was that cybersecurity
had been "put in the back seat" while physical security took
precedence, he said. "It was very frustrating," Kurtz added.

At CSIA, Kurtz and the member companies want to work on global
cybersecurity issues such as privacy and information integrity, as
well as help develop policies like notifying the public when personal
information has been exposed in a data breach. The group is focused on
enterprise issues and is CEO-driven -- its board comprises executives
from McAfee, Symantec and RSA, among others.

"The bottom line is that the private sector is going to get attacked,"  
Kurtz said.

The U.S. government isn't taking cybersecurity seriously enough, he
said, noting that it reduced research and development spending for the
area in its latest budget.

One possible reason for the lack of concern is that some government
officials still believe cybercriminals are "pimply-faced teenagers,"  
not organized crime gangs, according to Kurtz.

But for the private sector, the threat has become much more real as
recent high-profile cases have grabbed headlines and shaken consumer
confidence. In just one recent incident, it was revealed that some 40
million credit card numbers may have been accessed by a hacker who
infiltrated the network of a company that processed payment
information for MasterCard International Inc. (see "Security breach
may have exposed 40M credit cards").

"As we've seen over the last few months, a lack of attention to detail
can spill into the papers," Kurtz said.

By motivating the private sector to take action against cyberthreats,
CSIA hopes its work will have a spillover effect on the public sector.  
"We need to raise these issues, but at the same time, we need to make
sure that the government doesn't overreact," Kurtz said.

Overregulation is a concern for the industry. While IT companies want
strong government leadership on IT security issues, at the same time,
many of those polled by the CSIA don't trust the U.S. Congress to do
what's right for the Internet, Kurtz said.

"There's a lot of debate about the roles and responsibility of
government and industry in information security. This is one of the
things we are trying to work out," he said.

Overall, the CSIA is promoting a holistic approach to security and is
willing to work with the variety of concerned players, Kurtz said. In
Europe, for instance, the organization has begun working with agencies
such as the European Union's Article 29 working party on data
protection.

"We are in Europe to take the next step and really think about these
issues more broadly," Kurtz said. The association expects to
eventually extend into Asia, with the goal of establishing a global
organization.

"So often the U.S. rides in to save the day, but we do not want to
bring a U.S. solution; we want to bring a harmonized solution," Kurtz
said.



_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Cybersecurity group looks to Europe for help, InfoSec News <=
Previous by Date:  [ISN] Viruses, Security Issues Undermine Internet, InfoSec News
Next by Date:  [ISN] ictQatar holds cyber security workshop, InfoSec News
Previous by Thread:  [ISN] Viruses, Security Issues Undermine Internet, InfoSec News
Next by Thread:  [ISN] ictQatar holds cyber security workshop, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]