Enterprise security strategy - Is More Cyber-Security Regulation the Answer? - eWeek Security Watch

Is More Cyber-Security Regulation the Answer?

Written By
Brian Prince
Dec 2, 2010

A survey of critical infrastructure companies by Enterprise Strategy Group reported that the companies with the most industry regulations to address tended to have better security practices, which did not strike me as all that surprising. What did strike me as somewhat surprising is what respondents agreed the government should do about cyber-security.

According to the survey (PDF) – which fielded answers from a total of 285 security pros in industries such as food and agriculture, defense and information technology – 39 percent said the government should “enact more stringent cyber-security legislation along the lines of PCI.” Thirty-two percent believed the government should create legislation with higher data breach fines.

“My guess is that they want to codify a set of strict requirements and controls into a single universal regulation,” said Jon Oltsik, an analyst with Enterprise Strategy Group. “Remember too that these organizations do electronic business with less secure firms that could compromise their security as well. The current landscape is made up of security ‘haves’ and ‘have nots’ which makes us all less secure.”

In his testimony before the U.S. Senate Committee on Homeland Security and Governmental Affairs on Nov. 17, Michael Assante, president and CEO of the National Board of Information Security Examiners, said new regulations are needed to provide risk-based performance requirements that discourage what he called a “predictable and static defense.” On the one hand, regulations can serve as a solid baseline for security; on the other, they can give a false sense of security if the work is reduced to filling out a compliance checklist rather than addressing the risks the checklist was meant to capture.

The call for stricter regulation was loudest among businesses that are already heavily regulated. Fifty-seven percent of companies dealing with three or more compliance regulations said they wanted more stringent cyber-legislation, compared to 31 percent of those that must meet fewer than three compliance mandates. The gap was similar on data breach fines: 44 percent of those with three or more compliance mandates said fines need to be higher, compared to 26 percent of those with fewer than three.

What all this shows, Oltsik said, is that businesses know what is working and what is not.

What do you think?
