Re: Request for help on computer crime research

[daria angelini <daria.angelini () transcrime unitn it>]

In-Reply-To: <3F6087D6.33B949D5 () bah com>

The questionnaire I wrote begins with a set of definitions which should help people to fill in the questions. I have 
tryed to set up those definitions in such a way that they can be applied to
different jurisdictions. However, the questionnaire aims to acquire an
insight on the type and the amount of incidents within the companies
surveyed and their response strategy (personnel involved, actions taken
etc).
> From a business point of view I supposed that the multijurisdictional path
followed by the attacker is obviously one of the variables considered when
the prosecution/not prosecution question is raised. Though there is a set of
major problems which should be solved before taking in consideration the
"multijurisdictional issue" (i.e. incidents are often managed by the IT
departments without involving any security/legal manager so that incidents
are patched but the illegal behaviours is not addresed at all; or the
company
is not prepared to collect digital evidence so that there is no way to go on
with legal actions (civil or criminal) even though the culprit has been
identified). Moreover, there are still several countries where no laws on
computer crime have been established yet so that when a crime occured it's
almost impossible to go on with the prosecution.

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------