Page 12 - Cyber Warnings
P. 12
viewpoints. The process would provide for the best methods in theory and practice. These
would be provided with a single person or faceless entity. With the group, there are many views
and opinions. These are able to be molded together.
After the draft of the standard is put in writing, there should be testing and/or a pilot study. The
standard would not be put into place without this being done in the various environments. This
would also function to verify what works best across the industries.
Starting Points
This is a rather substantial project on several fronts. After gaining acceptance, which would not
be a small feat in its own right, forming the committee would also require an immense amount of
time, effort, and resources. As for the protocols, there are a number of generally accepted
protocols for encryption, web applications, firewalls, authentication, defense in depth, Wi Fi, and
log management. These would provide a starting point to be followed. The committee may
begin to grow in depth the knowledge on these topics prior to reviewing future movements.
Mandated
There needs to be a form of motivation to adhere to these. Without the industry following these
unified standards, these standards would only be yet another one in the field for review. In effect
the community would be splintered yet further. The new set of standards would require some
form of liability, as a motivator. If these standards are not followed, the entity electing not to
follow it may be considered acting in a grossly negligent manner. These standards would be
designed to be the minimum, baseline standard to be applied. These would also be based on
industry uses, academia, and persons leading the thoughts in the industry.
Summary
There has been a vast abundance of breaches and compromises in the different fields in recent
years. There has been a leading indicator of potentially becoming a target-there is something
the attacker wants to steal or keep people from accessing. The commonality with a majority of
these attacks has been the attacker exploiting vulnerabilities. The vulnerabilities may have been
remediated, however were not. With these standards being followed, there would be fewer
breaches.
The effect of this would be resources not being wasted, a lesser degree of consumer and
business frustration, and a safer world. Until this point, a set of standards to be used throughout
the industry to this end has not been created or followed. With these in place, the industry would
clearly know what standard is the best practice, and apply it to the project.
Without this being used, there will continue to be more compromises, breaches, and lack of
confidence in InfoSec.
12 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
