Alternative Solutions and Recommendations

The deployment of appropriate management approaches to maintain system security is critical. Undue reliance on information security technology might be counter-productive. The use of trusted third parties wherever necessary might also lessen the burden on businesses that might not have the resources to detect threats, respond to breaches quickly and effectively, as well as undertake vulnerability testing and security reviews.

A prominent role is nevertheless given to technological means of combating fraud such as devices that ascertain the identity of a credit card- holder. The use of encryption is one such method, though it is also open to fraudsters to use it to prevent detection. Biometric identification and electronic signatures also serve the same purposes. The U.S. argument that high- level encryption systems should not be publicly available or exported to other nations has not led to drought because other countries have moved in to fill the void. In any case, secure electronic payment systems require encryption. A by-product of this is the ability to control money-laundering operations.

Other technological mechanisms include firewalls, anti-virus programs and other software with specific capabilities such as preventing e- mail eavesdropping or piracy of intellectual property. Technical means have become increasingly prominent in the area of IP protection because the new technologies empower consumers to make copies at will or transmit them virtually to anyone. Microsoft has thus offered a 'new Windows Rights Management Software (RMS)' to enable users to control 'how and where different sorts of content' they generate could be further used. ^[18]

Moreover, national authorities have established computer emergency response teams to handle major attacks on networks and systems. These are ongoing activities and assume preventative roles. In the U.S., the FBI sought to introduce a system ('InfraGard') that alerts businesses about security threats to their information systems and provides them with safe e- mail communication to share concerns with each other. However, the fear of businesses suffering cyberattacks from being shut down for investigation by the FBI has limited its acceptance.^[19]

A third possible alternative for securing networks is the rise of self-help schemes that establish standards of performance to which industry opera- tors have to adhere. Various security, trust and privacy protection schemes have been established by groups of companies. Examples are TrustE and CPAWebTrust in the U.S., TrustUK and TRUSTEDSHOPS in Europe. These schemes hope to foster trust and confidence in networks and online businesses.

^[18]Stacy Cowley and Paul Roberts, Microsoft makes documents more secure. PCWorld, February 24, 2003. Available at: http:// www.idg.net/ic_1186054_9677_1-5046.html.

^[19]David A. Vise, FBI takes aim at cyber-crime: Agency seeks to enlist wary private sector in joint prevention effort. Washington Post, January 6, 2001, FINAL A2. Accessed online from Factiva.