Fight fraud not ID theft
By John Leyden
Published Thursday 28th April 2005 12:00 GMT
ID theft is a misnomer which is hurting the fight against fraud,
according to encryption guru Bruce Schneier. Instead of talking about
ID theft it's better to talk about fraud due to impersonation, he
claimed.
The crime exists because identifying information about a person is
easy to steal and valuable once it is stolen. Schneier said that
rather than focusing on making identity harder to steal it makes more
sense to make information harder to use for criminal purposes. "The
industry is going the wrong way in the US by worrying about keeping
identity details secret. The focus should be on fraud. European
countries, such as Holland [The Netherlands], are doing better than
the US," he said.
Schneier made his comments during a press conference at the
Infosecurity Europe trade show in London on Tuesday. Identity and
access management, along with the fight against spyware, were key
themes of this year's show.
Tim Pickard, area VP international marketing of RSA Security, said
firms need to move from a network centric approach to security
towards implementing technologies that defined how an individual was
allowed to use systems. Half (50 out of 100) IT directors quizzed in
an RSA-sponsored survey cited identity theft, poor internal IT
security practices, lost and stolen passwords and unauthorised access
to data as the security issues of concern. Each of these potential
threats can be addressed from a cohesive identity management strategy
but firms often fall into the trap of implementing a piecemeal
approach that may prove to be more expensive in the long term,
according to Pickard.
RSA's survey found users tend to buy products on a tactical basis,
rather than as part of a coherent strategy. Almost half (48 per cent)
of respondents cited single sign-on as the most fully implemented
element, with directory management second, web services third and
strong authentication fourth. For 83 per cent of IT Directors,
increased data security was viewed as a key driver for deploying an
identity and access management solution, with 74 per cent citing
regulatory compliance as an important goal. ®
---
* Origin: [adminz] tech, security, support (192:168/0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:03:52
search: