Internaut: Why not a nationwide security standard?

Shawn P. McCarthy

The time has come to certify information security processes in much the same way that the International Standards Organization grants ISO 9000 certificates to manufacturers with consistent quality-control processes.

Such a certification would go a long way toward making federal, state and local IT infrastructures more bulletproof. It could corral the many networks used by government information systems and force them to follow consistent rules for data exchange, backup and encryption.

Last month, the House Committee on Energy and Commerce sent a letter to the Office of Homeland Security outlining ways to protect the nation's infrastructures.

'Rather than having individual agencies and critical sectors develop differing assessment models and security programs, the new [Homeland Security] Department should develop and promote a single framework for conducting vulnerability assessments across the critical infrastructure,' the committee's letter said.

Meanwhile, a National Academy of Sciences report on countering terrorism said in-house expertise is inadequate to protect agency and local-level IT infrastructures. The report suggested the government develop a set of best practices for agencies to follow; see books.nap.edu/books/0309084814/html/124.html#pagetop.

Potential sources for finding best practices include:



About the Author

Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.
