Team 1 Sec4.5

From CyberSecurity
Revision as of 06:45, 21 October 2005 by Hema (talk | contribs)


--Hema 23:45, 20 October 2005 (PDT)

List and evaluate possible policy levers for government intervention (e.g., tax incentives, legal liability, insurance).

1) Give tax breaks to companies that develop security technologies. To be useful, it would have to lead to lower prices for the right kinds of security products, or better performance at the same price.

2) Give tax breaks to people and organizations that use networked computers in a properly secure way or that obtain cyber-security insurance. In practice, of course, we can’t afford to do a security evaluation on each taxpayer to see whether he deserves a tax break, so we would instead give the break to those who meet some formalized criteria that serve as a proxy for good security. Designing these criteria so that they correlate well with the right kind of security, and so that they can’t be gamed, is the toughest part of designing the program.

3) Government could invest in basic research in cybersecurity. This would result in more capable security products in the long run.

4) Increase the exposure of software and system vendors and system operators to liability for system breaches, and mandate reporting of security breaches that could threaten critical societal functions. This might indirectly lead to more cyber crimes, with perpetrators targeting companies for easy money.

5) Shift liability to another party that has the capability to prevent computer security breaches or mitigate the harm caused. This strategy places liability on actors with indirect control over Internet security; computer owners can secure their computers. But then the strategy would assign liability to computer owners whose negligently insecure property serves as an attractive intermediary for computer criminals.

6) Another proposal is to place liability on Internet service providers that permit their users to attack computer security elsewhere. The efficiency of forcing Internet service providers to exercise control over their users is questionable: it would likely be extremely costly and would intrude on the privacy of Internet users.

7) A mandatory disclosure law requiring companies holding computerized personal information of users to take steps either to encrypt this personal information. Non-compliant companies should be subject to civil suits, including class actions, for damages.

8) Stricter punishment for perpetrators of computer crime. Unfortunately, perpetrators are not only difficult to identify; they are also difficult to apprehend and prosecute or sue.

9) Require distribution of computer software and hardware with the most secure default settings activated. Several companies already do that. But non-savvy users will find it difficult to customize their machines according to their requirements.