> No > matter how many laws are passed or how many policies > are written, they are pretty much useless as they > are not capable of changing people.
Laws don't change people's behaviour...the enforcement of the laws does. In the days of NIPC, the Attorney General mandated a threshold of $5k losses when reporting cybercrimes in order for the FBI to become involved. Did that change behaviour? Yes, but not the behaviour we would want...the crimes still occurred (or in some cases, were thought to have occurred), yet the case load was so overwhelming that unless you could demonstrate a financial loss of $50K, they didn't even blink. Having laws...words written on paper...is ineffective in and of itself. Enforcing those laws, or at least being able to do so, is what has an effect. Even if you have enough trained, qualified LE personnel to enforce the laws, you still have issues of...is the "victim" capable of determining/demonstrating when a crime has occurred? ===== ------------------------------------------ Harlan Carvey, CISSP "Windows Forensics and Incident Recovery" http://www.windows-ir.com http://groups.yahoo.com/group/windowsir/ "Meddle not in the affairs of dragons, for you are crunchy, and good with ketchup." "The simplicity of this game amuses me. Bring me your finest meats and cheeses." ------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
