Re: Feds forge gold standard for cybersecurity

Forwarded from: Richard Forno 

Okay, will somebody kindly tell me how this "gold standard" is *any* 
different from other corporate-level IT security control "standards" 
and "best practices" over the years?  Is there something reeeaallllly 
different here or is this yet another case of reinventing the wheel on a 
vehicle that's stuck in the mud and never goes anywhere anyway?  From 
this one article, it sounds like MOTSS.

Cynically from DC,


On Feb 24, 2009, at 05:48 , InfoSec News wrote:

> By John Leyden
> The Register
> 23rd February 2009
> A consortium of US federal agencies have drawn up a list of critical 
> security controls they hope will serve as a gold standard for 
> cybersecurity.
> The Consensus Audit Guidelines (CAG) list is part of larger plans to 
> apply the CSIS Commission report on cybersecurity as a blueprint for 
> making information security systems more secure. A public consultation 
> on the scheme, launched on Monday, is due to run through 23 March. 
> After that point federal security agencies will road-test the scheme.
> Information security specialists at federal agencies pooled their 
> knowledge on current attack techniques and countermeasures to draw up 
> a list of 20 key actions, termed security controls, that organisations 
> need to take to defend against assault. The first 15 controls on the 
> draft list lend themselves to automation, while the remaining five 
> have more to do with broader security policy and personnel issues.
> Although these controls were drawn up by federal agencies they might 
> be applied across diverse industry sectors from retailing, to banks, 
> defense contractors and government agencies.
