Could do better all round

The European Union’s information security body has warned that many countries in Europe need to pull their socks up when it comes to information security, and called for changes in legislation that will make the reporting of security breaches by businesses mandatory.

The European Network and Information Security Agency (ENISA) highlighted in its General Report 2007, published last month, that while 14 EU member states have government-supported response teams, many member countries are not equipped to deal with cyber attacks – and leave themselves vulnerable to what it called a ‘digital 9/11’.

ENISA also called for the introduction of laws that would force businesses to reveal when the security of their computer systems has been breached. There is currently no requirement for companies to reveal that a breach has taken place – and many businesses avoid reporting such incidents in an attempt to protect their reputations – but the withholding of information about security breaches both leads the public into a false sense of security and makes the task of fighting cybercrime significantly harder.

Andrea Pirotti, executive director of ENISA, said in a statement: ‘Europe must take security threats more seriously and invest more resources in NIS [network and information security].’

Meanwhile, in the US an annual report card revealed that federal agencies showed better adherence to information security rules in 2007 than in the previous year, but that nine of the 24 agencies still failed to comply with the rules to a satisfactory degree. The report card assigns a grade to each government agency for its compliance with the Federal Information Security Management Act of 2002. Overall, a ‘C’ grade was awarded for the combined governmental effort – which was a small step up from last year’s ‘C-’. However, nine of the agencies were graded ‘D’ and below – a definite case of ‘could do better’.

Latest articles:

Bulletin Archive