The UK Government has announced plans to call on the security industry to contribute to an ‘organisational standard’ for effective cyber security management. Organisations will be invited to express their interest in submitting evidence in support of a preferred standard by Monday 8th April 2013. According to the Gov.uk website, “this call for evidence, and our subsequent selection of a preferred standard, will help businesses identify what good cyber risk management looks like and select which organisational standard to invest in.”
This follows the Government’s Cyber Security Strategy in November 2011, which announced the allocation of £650 million over a period of four years, in a bid to tackle cyber crime in the UK.
Matt Middleton-Leal, UK & Ireland regional director, Cyber-Ark, made the following comments:
“In an era in which the security landscape continues to rapidly evolve, and as attacks become more targeted and aggressive, cyber security should begin to be escalated to a boardroom-level concern for all organisations. With this in mind, the Government’s plans to encourage the industry to contribute to a new organisational standard for cyber security are certainly to be commended.
“However, while plans to generate a new organisational standard for cyber security are a positive step in getting this issue on the corporate agenda, the Government must be careful that this isn’t seen as a means to increase the already extensive list of auditing requirements that many organisations are struggling to deal with. While compliance certainly plays a vital role in ensuring that organisations take responsibility for maintaining control of networks and data, this can result in a ‘tick-box’ mentality, in which overburdened enterprise IT teams simply strive to keep up with the evolving demands of auditors, rather than proactively assessing the security architecture in place in their business. The Government’s focus should really now be on encouraging robust security measures and best practices which enable organisations to approach compliance with confidence, without compliance taking precedence as the number one priority.”