E-security is no longer the province of IT departments; it is a corporate governance issue that belongs in the boardroom, according to Australia's toughest watchdogs.
In a blunt message to IT managers, the Defence Signals Directorate, the Australian Securities and Investments Commission (ASIC) and law enforcement bodies joined forces to deliver their message to the CEO: e-security is about 'board management risk exposure'.
Speaking at the inaugural Sydney meeting of the Institute of Online Security, Detective Senior Sergeant Peter Wilkins of the Australasian Centre for Policing Research said that although the risk is high, e-security is rarely addressed at board level.
Security policy, Wilkins said, is still fragmented when it should be a part of due diligence. "Law enforcement bodies are saying the future of national security may hinge on how prepared they are to fight crime on the Internet."
Wilkins has been actively involved in the establishment of a national cyber-crime centre, which was approved by Australasian Police Commissioners earlier this year. He said this will allow the region to combine resources with agencies, academics and the private sector.
Wilkins said private-sector funding will be required to establish the centre but did not elaborate on the total cost. "Four models for the centre are being developed for evaluation which will determine the total cost, but we need it to be a joint venture utilising private-sector expertise, skill sets and funding," he said.
ASIC electronic enforcement director Keith Inman said e-crime is a priority for the commission, which recognises the online environment has brought with it plenty of challenges for the regulatory watchdog.
"The speed at which online groups can develop and attract investor support makes fighting scams and fraud even harder. Also, financial service companies are under extreme pressure to introduce e-commerce offerings to market," Inman said.
"At the same time, Web sites are being used to distribute information to shareholders but directors have to remember they are under the same level of scrutiny as if they were offline.
"The One.Tel collapse has brought governance back in the public eye but corporate governance is just proper disclosure."
Defence Signals Directorate director Ron Bonighton said it hasn't been easy getting e-security standards in government agencies but the Olympics was a great starting point when it came to getting law enforcement, the Commonwealth and private industry working together in a formal way.
"I praise God for Y2K. Until then, it was tough to know what was connected to what; it helped organise the private and public sectors in relation to IT," Bonighton said.
"Progress is being made as government and industry realise online security is a shared responsibility for e-commerce and the national infrastructure."