Slashdot Mirror


Industry IT Security Certification Proposed

Roberto123 writes "The US can build defenses against 'cyberwar' by having government and the private sector work together to confront the threat, a panel of experts said at RSA Conference 2011 in San Francisco this week. 'Chertoff called for a regulatory framework where company executives and board members sign on the dotted line, certifying what steps they have taken to secure their network, what backup systems they have in place and what level of resiliency is built into their IT system. “People take that seriously. Is it dramatic? No, but it moves the ball down the field,” Chertoff said. Schneier concurred, noting that holding individuals at a company accountable for certain protections has worked with environmental regulations and Sarbanes-Oxley, the post-Enron law that requires directors and executives to certify their financial results.'"

3 of 102 comments

  1. War Cap by causality · Score: 5, Insightful

    As a nation, we are fighting either politically or violently on too many fronts here. We have too many wars going on. To name a few:

    • War on (some) Drugs
    • War on Poverty
    • War on Terror
    • War on Obesity

    Now there's "cyberwar". There should be no new wars until we declare victory or admit defeat on some of the existing ones. Actually when I consider how successful the ones in the (incomplete) list above have been, I think we can save a great deal of time just admitting defeat on all of them. Then, instead of a retaliatory "cyberwar" we can do something rational like secure our systems.

    Is that really so much to ask? It'd be easier than what we are doing now.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  2. Re:Oh good. by nurb432 · Score: 5, Interesting

    It will raise costs for IT services and create another ecosystem for 'certification holders' to milk.

    Reminds me of ISO 9000..

    --
    ---- Booth was a patriot ----
  3. what I've learned from the I.T. industry... by MickyTheIdiot · Score: 4, Insightful

    All "certifications" are scams at some level. Some worse than others, but at some point it's about wanting to get your money while doing very little. It will create a nice new market for testing centers, book writers and publishers, and study material makers, but will ultimately do very little. Think how much Microsoft Certified Engineer....