Forwarded from: Richard Forno <rforno (at) infowarrior.org>

Okay, will somebody kindly tell me how this "gold standard" is *any* different from other corporate-level IT security control "standards" and "best practices" over the years?

Is there something reeeaallllly different here or is this yet another case of reinventing the wheel on a vehicle that's stuck in the mud and never goes anywhere anyway?

From this one article, it sounds like MOTSS.

Cynically from DC,

-rick

On Feb 24, 2009, at 05:48 , InfoSec News wrote:

> http://www.theregister.co.uk/2009/02/23/cybersecurity_gold_standard/
>
> By John Leyden
> The Register
> 23rd February 2009
>
> A consortium of US federal agencies have drawn up a list of critical
> security controls they hope will serve as a gold standard for
> cybersecurity.
>
> The Consensus Audit Guidelines (CAG) list is part of larger plans to
> apply the CSIS Commission report on cybersecurity as a blueprint for
> making information security systems more secure. A public consultation
> on the scheme, launched on Monday, is due to run through 23 March.
> After that point federal security agencies will road-test the scheme.
>
> Information security specialists at federal agencies pooled their
> knowledge on current attack techniques and countermeasures to draw up
> a list of 20 key actions, termed security controls, that organisations
> need to take to defend against assault. The first 15 controls on the
> draft list lend themselves to automation, while the remaining five
> have more to do with broader security policy and personnel issues.
>
> Although these controls were drawn up by federal agencies they might
> be applied across diverse industry sectors from retailing, to banks,
> defense contractors and government agencies.

[...]

Received on Tue Feb 24 2009 - 23:28:21 PST