Skip to main content /TECH with /TECH

IT, legal staff urged to unite against cybercrime


(IDG) -- IT departments that battle computer crime John Wayne-style, or all by themselves, may be undercutting their companies' ability to fight off intruders.

What's needed is a team approach, especially one that involves a corporate legal department that understands the investigative process and can help law enforcement, according to a panel of experts, including some current and former top U.S. computer crime investigators. The comments were made at a public policy forum this week on privacy and security issues sponsored by the Bureau of National Affairs Inc., a news and information service. INFOCENTER
Related Stories
Visit an IDG site search

When security problems arise at many companies, legal counsel is often left out of the loop, said Christopher Painter, deputy chief of the computer crime section at the U.S. Justice Department. "System operators don't think about that; that's not their first concern," he said.

One company that uses a cross-departmental approach in tackling computer crime is J.P. Morgan Chase & Co. in New York. That firm has dedicated teams around the globe for managing information security, and incident response teams that include senior managers, a fraud division, the human resources department in case an employee is involved, auditors if there's breakdown in controls, as well as legal and corporate staff, said Jacinthia Lawson, a risk management officer at the company.

Many companies, however, remain reluctant to involve law enforcement in computer crime investigations for fear that publicity will hurt their firms.

But Shawn Henry, who heads the computer intrusion unit at the National Infrastructure Protection Center, said most investigations never reach the public eye.

Henry said he has more than 1,200 pending investigations, and 99 percent of them remain out of the public eye "because I don't go talking about them."

Companies that concentrate on remediation -- closing off a vulnerability to deter an attacker -- without any investigative follow-up, may be hurting themselves in the long run, especially if they're dealing with an attack by a disgruntled employee or competitor, said Scott Charney, the former chief of the Justice Department's computer crimes division who's now a partner at PricewaterhouseCoopers. "You can spend the rest of your lives remediating and they will spend the rest of their lives trying to attack you," he said.

EU unveils plan to fight cybercrime
January 31, 2001
Group voices concern over EU cybercrime plan
December 5, 2000
European justices pass stiff e-commerce law
December 4, 2000
The Netherlands adopts cybercrime pact
November 30, 2000
Cyber cop unit to fight Internet crime
November 13, 2000
Users show some sympathy to Microsoft over security
November 9, 2000
Industry group: Security key to 'next generation' Web
November 8, 2000

Can legal systems effectively handle computer crime?
(Unix Insider)
Federal systems increasingly falling prey to hackers
Bush adviser urges cybercrime cooperation
Computer crime losses increase
No one is immune to identity theft
(The Industry Standard)
FBI warns of digital-crime wave from Eastern Europe
(The Industry Standard)
European cyber-crime proposal blasted
Security center issues antihacker tool

Bureau of National Affairs
America Online
U.S. Department of Justice
See related sites about Science and Technology

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


4:30pm ET, 4/16

Back to the top