By the Numbers: September 2003

There's no consensus on what constitutes cyberterrorism from state to state.

States vs. Cyberterror: Where is it a Crime?


If information security used to be about preventing teenage hackers from breaking into corporate networks, 9/11 changed that. Since 2001, 24 states have considered legislation to address "cyberterrorism." Ten have passed laws, but theres no consensus on what, exactly, is illegal—a curious problem for a medium that is stateless. In South Carolina, for example, introducing a virus into a computer is a crime. Michigan specifies penalties for using the Internet to disrupt government operations. And in Virginia, making threats via e-mail could be considered part of a terrorist act. But no guidelines exist to distinguish cyberterrorism from regular "corporate crime" at the state, federal or international level.

Accounting Markup

Makers of accounting software are putting their money where eXtensible Business Reporting Language (XBRL) is, a recent survey found. Two-thirds of respondents plan to have XBRL-enabled products by the end of 2004, with those serving large companies leading the way.

Forwarding Isnt

If you think network security is a losing battle, you may be right. Security services firm Qualys found that 30 days after a critical vulnerability is discovered, only half of the systems at risk are fixed. After 60 days, 25% of systems are still exposed. Worse yet, half of the most prevalent and critical vulnerabilities are replaced by new ones every year. Wheres a white flag when you need one?

Utility Computing: Waiting for a No-Show?

Utility-computing providers appear to have set expectations they may not be able to meet, according to a survey from Saugatuck Technology. While vendors believe the main benefit of the "pay-as- you-go" approach will be to reduce capital expenditures, users are far more concerned about reducing operating costs. Regardless of the message, companies are eager to sign up; they expect the utility-computing infrastructure to be ready in 18 to 24 months. Too bad no one told the vendors: Many estimate it will be 36 to 60 months before they are ready to deliver.

Auditing Excess

If companies were not exactly happy about the Sarbanes-Oxley auditing act in 2002, they were at least a lot more optimistic, according to a survey by PricewaterhouseCoopers. Top executives admitted in June that complying with Sarbanes-Oxley will be more expensive than expected...