APPENDIX 3: CALL FOR EVIDENCE
The inquiry invites evidence on security issues affecting
private individuals when using communicating computer-based devices,
either connecting directly to the Internet, or employing other
forms of inter-connectivity.
In particular, the Committee invites evidence on
the following questions:
Defining the problem
- What is the nature of the security
threat to private individuals? What new threats and trends are
emerging and how are they identified?
- What is the scale of the problem? How are security
breaches affecting the individual user detected and recorded?
- How well do users understand the nature of the
Tackling the problem
- What can and should be done to
provide greater computer security to private individuals? What,
if any, are the potential concerns and trade-offs?
- What is the level of public awareness of the
threat to computer security and how effective are current initiatives
in changing attitudes and raising that awareness?
- What factors may prevent private individuals
from following appropriate security practices?
- What role do software and hardware design play
in reducing the risk posed by security breaches? How much attention
is paid to security in the design of new computer-based products?
- Who should be responsible for ensuring effective
protection from current and emerging threats?
- What is the standing of UK research in this area?
Governance and regulation
- How effective are initiatives
on IT governance in reducing security threats?
- How far do improvements in governance and regulation
depend on international co-operation?
- Is the regulatory framework for Internet services
- What, if any, are the barriers to developing
information security systems and standards and how can they be
- How effective is Government crime
prevention policy in this area? Are enforcement agencies adequately
equipped to tackle these threats?
- Is the legislative framework in UK criminal law
adequate to meet the challenge of cyber-crime?
- How effectively does the UK participate in international
actions on cyber-crime?