
25 May 2021

Stepping on the cracks


Anyone seeking information security standards or guidance is spoilt for choice e.g.:

Studying these is hard work. Aside from simply keeping up with developments as they all evolve in parallel, taking in their distinct perspectives on essentially the same area, plus the often subtle differences in their use of language, consumes a lot of brain cycles.

Naturally there is a lot in common, since they all cover [parts of] information security. Commonality and consensus reinforce the conventional approaches of 'generally accepted good security practices', and fair enough. Personally, however, I am fascinated by the differences in their structures, emphasis and content, reflecting divergent purposes and scopes, authors, histories and cultures.

Some focus on the paving slabs. I'm looking out for the cracks.  

ISACA's COBIT, for instance, emphasizes the business angle (satisfying the organization's objectives), whereas various certification standards, laws and regulations emphasize the formalities of specification and compliance, addressing the societal aspects of information security. At the same time, privacy concerns the rights and expectations of the individual. Three different perspectives.

The recently published ISO/IEC TS 27570 "Privacy guidelines for smart cities" neatly illustrates the creativity required to tackle new information risks arising from innovation in the realm of IoT, AI and short-range data communications between the proliferating portable, wearable and mobile IT devices now roaming our city streets. Likewise with the ongoing efforts to develop infosec standards for smart homes and offices.

There are opportunities as well as risks here: striking the right balance between them is crucial to the long-term success of the technologies, their suppliers and human society. Spotting opportunities and responding proactively with sound, generally applicable advice is an area where standards can really help. It's not easy, though.
