One Article Review

The article:
Source NoticeBored
Identifier 5501958
Publication date 2022-07-02 12:23:41 (seen: 2022-07-02 01:05:27)
Title Standards development - a tough, risky business
Text News emerged during June of likely further delays to the publication of the third edition of ISO/IEC 27001, this time due to the need to re-align the main body clauses with ISO's revised management systems template. The planned release in October is in some doubt. Although we already have considerable discretion over which information security controls are being managed within our ISO/IEC 27001 Information Security Management Systems today, an unfortunate side-effect of standardisation, harmonisation, adoption, accreditation and certification is substantial inertia in the system as a whole. It's a significant issue for our field where the threats, vulnerabilities, impacts and controls are constantly shifting and often moving rapidly ahead of us … but to be honest it's equally problematic for other emerging and fast-moving fields. Infosec is hardly special in this regard. Just look at what's happening in microelectronics, IT, telecomms, robotics, environmental protection and globalisation generally for examples. One possible route out of the tar-pit we've unfortunately slid into is to develop forward-thinking 'future-proof' standards and release them sooner, before things mature, but that's a risky approach given uncertainties ahead. It would not be good for ill-conceived/premature standards to drive markets and users in inappropriate directions. It's also tough for such a large, ponderous, conservative committee as ISO/IEC JTC 1/SC 27. However, the smart city privacy standard ISO/IEC TS 27570 is a shining beacon of light, with promising signs for the developing security standards on Artificial Intelligence and big data security too. I wish I could say the same of 'cyber', cloud and IoT security but (IMNSHO) the committee is struggling to keep pace with these fields, despite some fabulous inputs and proactive support from members plus the likes of the Cloud Security Alliance and NIST.
The floggings will continue until morale improves.

Another tar-pit escape plan involves speeding-up the standards development process, perhaps also the promotion, accreditation and certification processes that follow each standard's publication – but again there are risks in moving ahead too fast, compromising the quality and value of the standards, damaging ISO/IEC's established brands.
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.