Industry IT Security Certification Proposed
Roberto123 writes "The US can build defenses against 'cyberwar' by having government and the private sector work together to confront the threat, a panel of experts said at RSA Conference 2011 in San Francisco this week. 'Chertoff called for a regulatory framework where company executives and board members sign on the dotted line, certifying what steps they have taken to secure their network, what backup systems they have in place and what level of resiliency is built into their IT system. “People take that seriously. Is it dramatic? No, but it moves the ball down the field,” Chertoff said. Schneier concurred, noting that holding individuals at a company accountable for certain protections has worked with environmental regulations and Sarbanes-Oxley, the post-Enron law that requires directors and executives to certify their financial results.'"
As a nation, we are fighting either politically or violently on too many fronts here. We have too many wars going on. To name a few:
Now there's "cyberwar". There should be no new wars until we declare victory or admit defeat on some of the existing ones. Actually when I consider how successful the ones in the (incomplete) list above have been, I think we can save a great deal of time just admitting defeat on all of them. Then, instead of a retaliatory "cyberwar" we can do something rational like secure our systems.
Is that really so much to ask? It'd be easier than what we are doing now.
It is a miracle that curiosity survives formal education. - Einstein
All "certifications" are scams at some level. Some worse than others, but at some point it's about wanting to get your money while doing very little. It will create a nice new market for testing centers, book writers and publishers, and study material makers, but will ultimately do very little. Think how much Microsoft Certified Engineer....
I fully support this - as long as we can hold policy makers to the exact same standards of punishment when things go wrong (like recessions, budget shortfalls, and other issues).
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
... I will be busy building a new wooden fence around my property to keep out flies. I think that I will be about as successful ...
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
push us further towards a "Standards and Compliance" posture, and not a real security posture.
There's a reason for that.
Echoing the comments of Microsoft security chief Scott Charney from his Tuesday keynote calling for a “collective defense” of the Internet
The manufacturer of the deeply flawed system at the heart of most security problems wants everybody else to pay for the consequences, so they're lobbying lawmakers. They'd also be pretty happy if it props up a few buggy whip businesses on the way.
What's the bet the certification requirements will read like:
"I've got more toys than Teruhisa Kitahara."