infosec4all.com

Some time ago I wrote how problems associated with proper identification of identity theft and lack of statistical data in the United States. This time, a paper commissioned by the European Network and Information Security Agency (ENISA) aiming to facilitate development of European ecommerce policy identified similar problems existing in the European Union. The paper focuses on the economics of security and discusses economic incentives to both governments and private sector that can facilitate improvement of security and customer confidence in electronic commerce.

The paper, titled Security Economics and the Internal Market provides 15 recommendations on information security issues that need to be handled at member state level and harmonized and coordinated among EU members. The recommendations call for establishment of EU comprehensive security breach notification law, better reporting on security incidents, EU standard for security of network connected equipment, mandatory distribution of software patches, better procedures for resolution of disputes in electronic transactions, and EU wide body similar to NATO in charge of fight against cyber-crime.