The problem with legislation
Do you feel a need for a stronger dialogue between the IT profession and legislators and regulators so that the right kind of laws get passed as opposed to well-intentioned laws that completely misunderstand the situation? Or is the law just not a very effective mechanism for dealing with the problems that you face? Benincasa: Unfortunately, the laws are only going to be U.S.-based. You can get attacked from anywhere in the world. Unless youve got some uniformity, the European community and the U.S. community can pass as many laws as they want, but youve still got a lot of other countries that can perpetuate attacks.Rosen: Weve got worldwide problems, but we dont have worldwide laws. It sounds as if we have some agreement herethat the change in the threat environment from one where you can be reactive versus one where you have to be proactive demands that some real questions be asked and answered. For example, how much does it cost to have the appropriate level of protection in terms of compute power, and is the technology really ready to use? Calabrese: You can add one more piece to it: The [vendors] Im talking to are looking for a two-year commitment. So Im being asked to sign a two-year contract for technology that is appropriate today but that I wouldnt have known I would have been concerned with two years ago. Gunnerson: I think you need to tap into the realities of the technology change and make sure that the contracts are appropriately worded. ... If youre going to be locked in to something for 24 months, put the wording in there that says there will be a technology escalation review at 12 months, where you can actually make sure that the contract and the relationship between the two parties are cognizant that technology is changing. I think youll be OK then. Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.
So, as far as youre concerned, the laws and the regulatory bodies are unable to make a meaningful contribution here?