Developing and implementing a security incident response plan can be time consuming and often costly - two things most organisations do not have. Without a response plan, incidents can escalate quickly and the impact can be severe. An incident response plan gives organisations a much better chance of isolating and controlling an incident in a timely and cost effective manner.
Honest insiders also are targeted by malicious outsiders through using social engineering. E-mail phishing (and spear-phishing to target high-value individuals) is one of the most common types of social engineering, but examples range from simple phone calls to carefully crafted Web sites hosting malicious content.
We hope that the Committee scrutinising the Bill are brave enough to acknowledge that Part 5 is an old fashioned approach to a very modern problem. Rather than amend Part 5, we hope they send it back from where it came and push for a rewrite so that this legislation can be meaningful rather than meaningless.
My concern is not about the rights of official bodies having access to this information. Rather it is the ability of these organizations to hold such vast amounts of data securely coupled with the idea that a Draft Communications Bill can be written without any real consideration around the practicalities of its implementation.