A consortium of US federal agencies have drawn up a list of critical security controls they hope will serve as a gold standard for cybersecurity. The Consensus Audit Guidelines (CAG) list is part of larger plans to apply the CSIS Commission report on cybersecurity as a blueprint for making information security systems more …
But what if an idea is proposed that is better suited as a *proactive* defense against attack vectors as yet unknown?
Just another security checklist
All very worthy, but doesn't mean a thing without a management system to ensure that the parameters chosen (eg for "control of ports, protocols and services") are aligned with the needs of the organisation and (equally important) stay aligned as the needs evolve. It's a pity no-one in the US seems to have heard of ISO 27001 - oh I forgot, it's Not Invented Here.
Look out for those "Ant-viruses". They're deadly!
"Feds forge gold standard for cybersecurity"
Right. Hands up anyone who, like me, thought this was going to be an article about the Government being caught falsifying their security reports / SOX compliance?
"The list resembles the guideline drawn up by the credit card industry for adherence to the PCI DSS"
Then it's shite and needs to be thrown out.
Seriously. If you've ever been involved in making a box PCI compliant, you know what kinds of asinine bollocks they make you do.