Skip to main content /TECH with IDG.net
CNN.com /TECH
CNN TV
EDITIONS

IT, legal staff urged to unite against cybercrime

image
Computerworld

(IDG) -- IT departments that battle computer crime John Wayne-style, or all by themselves, may be undercutting their companies' ability to fight off intruders.

What's needed is a team approach, especially one that involves a corporate legal department that understands the investigative process and can help law enforcement, according to a panel of experts, including some current and former top U.S. computer crime investigators. The comments were made at a public policy forum this week on privacy and security issues sponsored by the Bureau of National Affairs Inc., a news and information service.

IDG.net INFOCENTER
IDG.net
Related IDG.net Stories
Features
Visit an IDG site


IDG.net search



When security problems arise at many companies, legal counsel is often left out of the loop, said Christopher Painter, deputy chief of the computer crime section at the U.S. Justice Department. "System operators don't think about that; that's not their first concern," he said.

One company that uses a cross-departmental approach in tackling computer crime is J.P. Morgan Chase & Co. in New York. That firm has dedicated teams around the globe for managing information security, and incident response teams that include senior managers, a fraud division, the human resources department in case an employee is involved, auditors if there's breakdown in controls, as well as legal and corporate staff, said Jacinthia Lawson, a risk management officer at the company.

Many companies, however, remain reluctant to involve law enforcement in computer crime investigations for fear that publicity will hurt their firms.

But Shawn Henry, who heads the computer intrusion unit at the National Infrastructure Protection Center, said most investigations never reach the public eye.

Henry said he has more than 1,200 pending investigations, and 99 percent of them remain out of the public eye "because I don't go talking about them."

Companies that concentrate on remediation -- closing off a vulnerability to deter an attacker -- without any investigative follow-up, may be hurting themselves in the long run, especially if they're dealing with an attack by a disgruntled employee or competitor, said Scott Charney, the former chief of the Justice Department's computer crimes division who's now a partner at PricewaterhouseCoopers. "You can spend the rest of your lives remediating and they will spend the rest of their lives trying to attack you," he said.



RELATED STORIES:
EU unveils plan to fight cybercrime
January 31, 2001
Group voices concern over EU cybercrime plan
December 5, 2000
European justices pass stiff e-commerce law
December 4, 2000
The Netherlands adopts cybercrime pact
November 30, 2000
Cyber cop unit to fight Internet crime
November 13, 2000
Users show some sympathy to Microsoft over security
November 9, 2000
Industry group: Security key to 'next generation' Web
November 8, 2000

RELATED IDG.net STORIES:
Can legal systems effectively handle computer crime?
(Unix Insider)
Federal systems increasingly falling prey to hackers
(Computerworld)
Bush adviser urges cybercrime cooperation
(Computerworld)
Computer crime losses increase
(IDG.net)
No one is immune to identity theft
(The Industry Standard)
FBI warns of digital-crime wave from Eastern Europe
(The Industry Standard)
European cyber-crime proposal blasted
(IDG.net)
Security center issues antihacker tool
(IDG.net)

RELATED SITES:
Bureau of National Affairs
America Online
U.S. Department of Justice
See related sites about Science and Technology

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


 Search   





MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 













Back to the top