- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
More on cybersecurity: From Anonymous to Hackerazzi: The year in security mischief-making
The Government Accountability Office this week issued a report on just that notion saying: " Given the plethora of guidance available, individual entities within the sectors may be challenged in identifying the guidance that is most applicable and effective in improving their security. Greater knowledge of the guidance that is available could help both federal and private sector decision makers better coordinate their efforts to protect critical cyber-reliant assets."
Such information though is valuable in that these myriad groups offer guidelines and principles as well as technical security techniques for maintaining the confidentiality, integrity, and availability of information systems and data, the GAO stated.
"When implementing cybersecurity technologies and processes, organizations can avoid making common implementation mistakes by consulting guidance developed by various other organizations. Public and private organizations may decide to voluntarily adopt this guidance to help them manage cyber-based risks," the GAO stated.
Who are some of these key organizations? From the GAO:
• International Organization for Standardization (ISO): a nongovernmental organization that develops and publishes international standards. The standards, among other things, address information security by establishing guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.
• International Electrotechnical Commission (IEC): an organization for standardization comprising all national eletrotechnical committees. The commission publishes international standards, technical specifications, technical reports, and publicly available specifications and guides. The information security standards address safety, security, and reliability in the design and operations of systems in the power industry, among other things.
• The International Telecommunication Union: a United Nations agency whose mission includes, among other things, developing technical standards and providing technical assistance and capacity building to developing countries. The union has also developed technical standards for security and, more recently, engaged in other cybersecurity activities. For example, the union has established a study group for telecommunications security to focus on developing standards and recommendations associated with network and information security, application security, and identity management. Similarly, the union, through its members' efforts, prepared a report on cybersecurity best practices for countries seeking to organize national cybersecurity efforts.
• The International Society of Automation (ISA): a global and nonprofit organization that develops standards for automation. It has developed a series of standards to address security in industrial automation and control systems.