IT regulations may weaken security
New rules may force companies to adapt networks to comply with legislation
Tightening global IT regulations may actually weaken IT security, delegates at the UK's first Homeland Security conference heard this week. New legislation in the US, and better funding for regulatory authorities in the developing world, are putting an increasing burden on business, warned Richard Hackworth, group head of IT security at HSBC. In some cases the financial costs can be onerous and may render networks less secure by forcing companies to adapt networks to suit regulation, rather than allowing IT managers to make the final decisions. "The traditional style of regulation in the UK is a tea and biscuits kind of affair: there's a problem, pop round and we'll sort it out together," said Hackworth. "At the other end is a more prescriptive, authoritative attitude to external regulation, and the trend is in this direction at the moment. "Some regulators say you must encrypt this data between this point and that point. In some cases, in my view, this weakens the security system. But we must comply." Hackworth also stressed that doing business on a global level requires one person who deals with all the regulators to make sure that compliance is achieved. Dealing with staff on an international basis can cause problems since physical meetings are rare. A single consistent contact is therefore vital. Such a person also needs access to the board, and the authority to deal with risk management. The US Sarbanes-Oxley Act of 2002 came in for particular criticism. The legislation was introduced in the wake of a number of financial scandals in the US in an effort to impose strict record keeping rules on corporations. Patrick Mercer MP, Conservative homeland security spokesman, said: "I do not think we can go down the US route of putting additional burdens on business that could reduce their competitiveness. "Where we do have to increase the regulatory burden we should also include incentives for business."
Reproduced from an article published by vnunet.com
© vnunet.com
The original article can be viewed here:
http://www.vnunet.com/News/1152481
Permalink Bookmark Digg this story
