Should Standards be Mandated? Should Standards be Mandated? - - PowerPoint PPT Presentation

▶

Apr 02, 2024 224 likes •329 views

Ministry of Science, People First, Performance Now Technology and Innovation Should Standards be Mandated? Should Standards be Mandated? Professor Abu Bakar Munir University of Malaya 7 November 2012 Ministry of Science, People First,

SLIDE 1

People First, Performance Now Ministry of Science, Technology and Innovation

Should Standards be Mandated? Should Standards be Mandated?

Professor Abu Bakar Munir University of Malaya

7 November 2012

SLIDE 2

People First, Performance Now Ministry of Science, Technology and Innovation

About cyber security Standards

assist organizations to practice safe security g p y techniques to minimize attacks in Cyber space. used as guard against identity theft, trade secrets, proprietary information, and personally identifiable information (PII) of customers or employees

SLIDE 3

People First, Performance Now Ministry of Science, Technology and Innovation

I t bilit

What Standards can do

Interoperability

Data Data Format & Protocol

Trust

Uniformity vs. Translatability

SLIDE 4

People First, Performance Now Ministry of Science, Technology and Innovation

Baseline

Raise the bar Eliminate Known issues Narrow or close communication gaps g p Ease testing & updating

SLIDE 5

People First, Performance Now Ministry of Science, Technology and Innovation

Content of a good Standard

Plan-Do-Check-Act approach.
Mature and stable.
Not contradicting or in conflict with corporate or international
Not contradicting or in conflict with corporate or international

standards.

Clear and easy to understand.

S t ti

Systematic.
Realistic and practical.
Solves all parts of the problem.
Well structured and organized. Measurable.
Has a clear accreditation and certification process.
Widely followed and adapted.

Widely followed and adapted.

SLIDE 6

People First, Performance Now Ministry of Science, Technology and Innovation

Some standards

Widely recognized security standard is International Organization for

Standardization/International Electrotechnical Commission [ISO/IEC [ 27002], consists of two basic parts i.e. BS 7799 part 1 and BS 7799 part 2.

Both of these parts were created by British Standards Institute (BSI).
Part 1 provides an outline or good practice guide for cyber security
Part 1 provides an outline or good practice guide for cyber security

management P t 2 id f k f tifi ti

Part 2 provides a framework for certification

SLIDE 7

People First, Performance Now Ministry of Science, Technology and Innovation

Cont Cont. .

ISO/IEC JTC 1 Subcommittee 27 Cybersecurity
ISO/IEC 27017 – Guidelines on information

security controls for the use of cloud computing services based on ISO/IEC 27002

SLIDE 8

People First, Performance Now Ministry of Science, Technology and Innovation

Pros and Cons of Having Standard

Ease automation, facilitate better protection e.g. security

updates Eli i t k it k

Eliminate known security weaknesses
Consistent practices ease recognition of expectation
Mass deployment of weak or vulnerable security mechanisms
Create false sense of security
Slow to change
Overlapping and intersection between standards

Overlapping and intersection between standards.

Overlapping and varying abbreviations and definitions.

SLIDE 9

People First, Performance Now Ministry of Science, Technology and Innovation

abmunir@um.edu.my http://profabm.blogspot.com p p g p Mobile- 0122185242