Security at the Four Corners - CSO Magazine - January 2004: "
When security is a global undertaking, CSOs are subject to the murky legal requirements of multiple jurisdictions at once.
BY DAVID H. HOLTZMAN
A GOOD ROAD trip always seems to include a stop at one of those places where you can stand in three or four states at the same time. So, it's a wonder that data centers don't sell tickets. After all, every computer on the Internet straddles hundreds of countries. This geographic side effect of networked technology is unappreciated by corporate planners, but security wonks know better. They know that the tangled skein of enterprise cabling foreshadows the legal snarls and ethical hairballs that will be coughed up in a security catfight.
When customers and employees are international, ethical ambiguities are compounded. The current war in Iraq has made it painfully obvious that American interests are not necessarily shared by others, even by those whom we consider 'business-friendly.'
Unlike conventional crime, computer thuggery frequently reaches across territorial lines, often originating from countries where the act is not illegal. Using legal bandages to staunch such a security wound may be too little, too late. Businesses with trade secret sensitivities might want to consider less formal protection strategies such as white hat hackers.
Disjointed expectations of privacy mean more than a mismatch in confidentiality laws. There's often a cultural skew. For instance, the requirement for opt-in in the European Union is more than a statute; it reflects the underlying sense of 'fairness' in countries like France or Germany.
What can a globally conscious CSO do? Education always helps. Start by running cultural awareness seminars for security staff to minimize cultural misunderstandings. When training other employees, be clear when explaining the rules. Don't appeal to patriotism or even laws. If it's against corporate rules, it's wrong."