03:35 PM
Congress Gets a Peek at ISO 27001 Security Standard
All too often, it seems I look at the news and see yet another agency in the federal government in trouble for some kind of lapse in data protection. Of course, the private sector is no less guilty, having faced its own share of security fiascos.
Fortunately, efforts are underway to implement a more universal approach to securing data, networks and all things IT.Over the past year, I've been writing about the ISO 27001 security standard. This is basically an internationally accepted standard around information security that gives entities (corporates, governments, regulators, etc.) a set of criteria by which to judge the security of a given system. Slowly, ISO 27001 is being adopted by the financial services industry-both banks and vendors-as a way for them to better manage IT safety issues.
Progress could be a little better on the adoption front, however. Well, the ISO standard may have just gotten some much needed exposure. Last month, Congress heard testimony on how ISO 27001 could enhance IT security at the federal level. Paul Kurtz, COO of Good Harbor Consulting, recently appeared before multiple Congressional subcommittees to assess the Federal Information Security Management Act (FISMA), along with emerging trends and recommendations for improving federal IT security. ISO 27001 played a major part in Kurtz's list of recommendations.
What would the implications be if the federal government were to adopt this standard? Would we see the end of data breaches? Would our personal information finally be safe-truly safe? Well, everyone knows that crooks are determined and motivated. Nothing is completely safe, given a well-funded hacker with a lot of time on his hands. However, if ISO 27001 were to get a vote of confidence from Congress, this would mark a major move in the right direction for the U.S. and its attitude toward data safety.Efforts are underway to implement a more universal approach to securing data, networks and all things IT using the ISO 27001 security standard.