US shows way for security

New US proposals for minimum corporate security standards could foster similar measures in the UK

Written by Madeline Bennett

UK firms could soon find themselves under pressure to comply with tough security standards introduced in the US last week. The Information Security Governance proposals, designed by a taskforce appointed by the US government, could form the basis of new rules in the UK.

Bill Conner, head of security firm Entrust and co-chairman of the US taskforce, said that Whitehall was considering a similar scheme to make organisations more accountable for their IT defences.

"I am already talking with the UK government and [e-commerce minister] Andrew Pinder about this," said Conner. "The framework is global in nature and can be applied to UK and European firms. We took great care to ensure all the standards used reflected an international view since cyber security cannot be contained within the physical borders of a single country."

Under the US proposals, firms would have to assign security managers and periodically assess risks. Compliance with the new guidelines is not yet mandatory, but Amit Yoran, director of the National Cyber Security Division at the US Department of Homeland Security (DHS), said companies should make information security a priority. He added that the DHS supported the use of tools described in the taskforce's report.

The proposals advise firms to take advantage of established international standards such as ISO 17799, which forms the basis of the US framework.

"We are encouraging organisations to use security best practices guidance, such as ISO 17799, to measure information security performance," said Conner. "I would hope that this would result in greater uptake of these security standards."

The UK's Information Commissioner also recommends ISO 17799 compliance for large firms, to meet the security requirements of the Data Protection Act.

Despite the high cost of certification, the number of firms achieving the ISO 17799 standard has grown steadily, following new rules on corporate governance in the wake of the Enron scandal. In August 2002, about 130 firms were certified. This has now risen to just over 600 worldwide.

Fred Cohen of analyst firm Burton Group said corporates should aim for compliance with the standard. "Anyone with more than a few hundred staff would be foolish not to comply," he argued.

Japan has the highest number of certified firms, with 276, followed by the UK with 129, and India in third place with 28. This may indicate that India is taking IT security issues seriously, given the concerns of European organisations that facilities in India could create weak spots in their protection.
