I’ve had three discussions in two days about whether Government CERTs are different from others, which makes it a FAQ! It seems to me that legislation may be heading that way, and that that could create a potential problem for sharing information.
Most CERTs act in the interests of a particular, reasonably well-defined, constituency. However a [...]
The House of Commons Science and Technology Committee has published a report on Malware, which recommends increased awareness among Internet users as the best way to deal with the problem. There’s a welcome recognition that “it is clear that there is no easy technological answer to cyber crime… hardware solutions are likely to unduly restrict computer [...]
In dealing with breaches of privacy the Commission’s enthusiasm to protect and reassure Internet users seems to run the risk of having the opposite effect. Article 4(9) of the proposed Regulation defines
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal [...]
The Commission’s proposed Data Protection Regulation seems very positive for Incident Response. Indeed Recital 39 explicitly supports the work of Incident Response Teams:
The processing of data to the extent strictly necessary for the purposes of ensuring network and information security … by public authorities, Computer Emergency Response Teams … providers of electronic communications networks and [...]