"ComplianceSpeak"

As reported by Jack Grimston: Timesonline April 1st, 2007

This report in the Sunday Times obviously caught my attention, being one of the areas that iCompli have specialist solutions to prevent.

"ONE of Britain’s top independent schools is under police investigation over allegations of pupil bullying involving the use of internet images of torture, murder and child pornography."

Using a combination of text and image based software monitoring tools, schools are perfectly capable of managing this and AVOIDING the harm and damage that is done.

Whilst it is can be difficult to 'forensically' place a person at the keyboard (false log-ins etc.) it is NOT difficult to be aware of the occurrence of this activity and to pro actively deal with these types of so-called 'cyber abuse'. When schools, or any organisation for that matter, profess to being vigilant, I wonder how they technically deliver such vigilance? How do they monitor all internet access, including the overseas border who uses their own laptop to web conference with their parents in Hong Kong?

“We are always vigilant and thorough in any matter linked to child protection, to the welfare and safety of pupils and to their pastoral care,” the head teacher said.

With care, thought, and yes investment in monitoring tools, the pastoral care of our children can be greatly enhanced.

We cannot expect to give our technology-wise children safe access to THE most unregulated, media-rich environment on the planet without professional monitoring.

"Will email marketing make you a registered sex offender"
"Sending offensive emails can land you on the UK Sex Offenders' Register"
"Racy emails could land sender on Sex Offender List"

Really ... Seems to me that there has been rather too much headline searching here. 

The recent introduction of The Sexual Offences Act 2003 (Amendment of Schedules 3 and 5) Order 2007 no doubt has important connotations, and it's clear that the law now makes it possible for someone to become the subject of a Sexual Offences Notification Order (SOPO) as a result of their email activity. But is it likely that sending your friends 'THAT' picture of Jordan is going to have on the Sex Offenders' List? OF COURSE NOT!

What then is the real message behind the headlines?

I consider there are three clear messages; 1. society is increasingly less tolerant of sexual offences, 2.   increasing use of electronic surveillance means there is no place to hide, the equivalent I suppose of clamping down on 'digital sex tourism', and 3. legislation is catching up with technology, closing down any loopholes that existed in law.

As reported on BBC News

14 members of staff at the DVLA headquarters in Swansea have been sacked for downloading pornography.

A spokesperson said: "DVLA has started dismissal proceedings against 14 members of staff for gross misconduct."

101 other members of staff will be disciplined for "using agency's electronic systems to send pornographic e-mail attachments out of the agency, in direct contravention of DVLA's code of conduct."

Unfortunately this level of non-compliance does not surprise me in the least.  The audits that we carry out using the PixAlert image auditor regularly demonstrate that this issue of pornography on corporate internets is growing everyday and IS NOT going to go away.

From a compliance perspective this problem can be resolved with the correct application of audit, monitoring and policy reinforcement tools.

For the DVLA it's "wake up and smell the coffee time".  Think about the cost of going through 14 dismissals and 101 disciplinary cases! The cost of dealing with this issue far outweighs the preventative costs.

To find out more about the iCompli FREE Discovery Audit (where we scan a proportion of your network for illicit images free of charge) follow this link.

This month, Duncan Smith of iCompli writes in Public Servant about some of the security issues raised by IT decision makers who visited the PixAlert stand at InfoSecurity Europe 2006.

We met a lot of public sector people on the Stand this year, and a clear message was being aimed at us; "how can we give assurances that out ICT assets are not being abused?"

Demonstrating how inappropriate images are downloaded passed gateway filters was quite an eye-opener for many. Existing security is fallible. 

Our offer of a free Discovery Audit, identifying illicit images on a proportion of ICT networks, was greatly oversubscribed, although we have extended the offer on a first come first served basis.

Why is the Discovery Audit popular? Because we all (should) have a healthy degree of sceptisim when it comes to 'being sold a technology solution' to any problem.

And rightly so, it has to work and it has to solve a problem.  The discovery audit is a simple way for us to demonstrate that the technology is effective at identifying inappropriate images on ICT Networks, and the management reporting is a very effective way at identifying and managing any abuse of ICT resources.  It works, and it solves a problem.

As John Nolan, CEO of PixAlert said at the show ...

"Knowing what your gateway filters have stopped is not the assurance businesses seek from Network Controllers; it's knowing what they have failed to stop!"