CSSA addresses web security

The Computing Services and Software Association (CSSA) is spearheading a programme for ebusinesses to report security incidents anonymously, in an attempt to gauge the true threat of cyber crime.

Along with the Alliance for Electronic Business, the CSSA will be launching information security and analysis centres at the end of the month where the breaches can be investigated.

Public embarrassment and damage to a company's image are key factors that prevent open reporting of security breaches, according to Tim Conway, director of industry affairs at the CSSA.

"Nobody wants to report that they have systems that have been breached. There is the adverse publicity and also the potential legal liability associated with it," he said, adding that publicity hinders the investigation of breaches and the sharing of vital information that can protect other users.

Members will be able to report incidents anonymously and give information about the configurations and state of their system and applications.

Security analysts will then look for patterns and report back to that particular user community to lift the veil of secrecy that surrounds breaches, whether malicious or accidental.

"These security centres need to be organised along vertical business lines," said Conway. "You'd have separate ones for banking, finance, retail and services. We must enable people to report incidents so we can learn what the problems are."

Interpol last month said it could act as a trusted third party to investigate patterns of breaches in different sectors through co-operation with the private sector.

"If Interpol knows when companies have been hit and how, we could already be setting up some form of intelligence," said Raymond Kendall, secretary general at the agency.