Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    ISF Updates Security Standard, While Encouraging Accountability

    By
    MICHELLE MAISTO
    -
    July 31, 2016
    Share
    Facebook
    Twitter
    Linkedin
      ISF guidelines

      The Information Security Forum, a not-for-profit association that offers research-based security guidance to a global membership of enterprises, on July 27 issued a major update to its Standard of Good Practice, a guide for meeting the objectives set out by the U.S. National Institute of Standards and Technology.

      The updated guide has been restructured into 17 categories and makes it easier to more systematically address four information security life cycles: employment, information (electronic, printed and spoken), hardware and system development.

      Steve Durbin, managing director of the ISF, has pointed to escalating security threats and the need for organizations to be more transparent and methodical about their governance, as they’ll eventually be called on to show the steps they’ve taken to secure information. In a statement announcing the update, he said he hopes businesses view the Standard as “practical guidance” and a “business enabler.”

      Speaking with eWEEK the day before its release, Durbin discussed how data breaches used to be so-called messes left to “the security guys” to clear up, which is now far from the case.

      “More recent breaches and hacks have demonstrated that when something goes wrong, someone has to stand up and say something about it,” Durbin said, on a call from London. “The bigger the breach, the higher up the executive chain. … It has served to tell the C-suite that security is something they have to address, as a matter of business continuity.”

      Stock prices fall after a publicized breach, yes. But they tend to recover.

      The change taking place has more to do with customers and employees, said Durbin. “It’s about trust, reputation, brand. And that’s where people like the CMO [chief marketing officer] tend to get involved. As you break down the impact, everyone in the boardroom has a role to play now.”

      Durbin has been preaching for some time that security has become an issue that can put the entire C-suite on trial, as it were, defending their actions.

      So what about the ways governments handle data? Are officials feeling the same pressure as CEOs? Not yet, says Durbin.

      “Government doesn’t seem to have the same level of accountability,” Durbin said. “The reality is that they seem to be able to gather it, store it and if it gets lost, well, that’s the nature of the beast. Sorry about that.”

      Which, he notes, has a lot to do with where organizations decide to put their budgets.

      “This is increasingly where we see risk assessment taking place—private or public, it doesn’t matter,” said Durbin.

      And in both cases, there’s a need to engage people to help improve the outcome.

      “We’re battling a range of elements. People want to say, ‘It’s not really my responsibility. It should have been secured. It’s not my fault.’ … And really there is no easy answer. But it does come down, in part, to individual training … and to raising the level of engagement,” said Durbin.

      “Humans do have the ability to be the strongest link—to spot things that are out of pattern,” he continued, noting that such areas are where sophisticated technologies such as machine learning can contribute as an additional line of defense. But humans will still always play a major role.

      As for the ISF, its membership has changed along with the thinking about security. According to Durbin, ISF membership has doubled over the last four or five years, with now more than 400 members in 32 countries—versus 15 countries a few years ago.

      From a vertical perspective it’s also changing. While inherently security-centric verticals once dominated—banking used to represent one-third of membership, but is now one-fourth—membership from verticals such as transportation, manufacturing, retail and utilities is increasing. Which Durbin says points to how “mainstream” security is, now that everything is cyber-enabled.

      “We’ve seen an increased level of understanding of the importance of security, certainly. That said,” he added, “companies are still trying to play catch up.”

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×