Re: Feds forge gold standard for cybersecurity
Forwarded from: Richard Forno
Okay, will somebody kindly tell me how this "gold standard" is *any*
different from other corporate-level IT security control "standards"
and "best practices" over the years? Is there something reeeaallllly
different here or is this yet another case of reinventing the wheel on a
vehicle that's stuck in the mud and never goes anywhere anyway? From
this one article, it sounds like MOTSS.
Cynically from DC,
-rick
On Feb 24, 2009, at 05:48 , InfoSec News wrote:
> http://www.theregister.co.uk/2009/02/23/cybersecurity_gold_standard/
>
> By John Leyden
> The Register
> 23rd February 2009
>
> A consortium of US federal agencies have drawn up a list of critical
> security controls they hope will serve as a gold standard for
> cybersecurity.
>
> The Consensus Audit Guidelines (CAG) list is part of larger plans to
> apply the CSIS Commission report on cybersecurity as a blueprint for
> making information security systems more secure. A public consultation
> on the scheme, launched on Monday, is due to run through 23 March.
> After that point federal security agencies will road-test the scheme.
>
> Information security specialists at federal agencies pooled their
> knowledge on current attack techniques and countermeasures to draw up
> a list of 20 key actions, termed security controls, that organisations
> need to take to defend against assault. The first 15 controls on the
> draft list lend themselves to automation, while the remaining five
> have more to do with broader security policy and personnel issues.
>
> Although these controls were drawn up by federal agencies they might
> be applied across diverse industry sectors from retailing, to banks,
> defense contractors and government agencies.
[...]