[ More on cybersecurity: From Anonymous to Hackerazzi: The year in security mischief-making | Free download: 68 great ideas for running a security department ]
The Government Accountability Office this week issued a report on just that notion saying: " Given the plethora of guidance available, individual entities within the sectors may be challenged in identifying the guidance that is most applicable and effective in improving their security. Greater knowledge of the guidance that is available could help both federal and private sector decision makers better coordinate their efforts to protect critical cyber-reliant assets."
Such information though is valuable in that these myriad groups offer guidelines and principles as well as technical security techniques for maintaining the confidentiality, integrity, and availability of information systems and data, the GAO stated.
"When implementing cybersecurity technologies and processes, organizations can avoid making common implementation mistakes by consulting guidance developed by various other organizations. Public and private organizations may decide to voluntarily adopt this guidance to help them manage cyber-based risks," the GAO stated.
Who are some of these key organizations? From the GAO:
• International Organization for Standardization (ISO): a nongovernmental organization that develops and publishes international standards. The standards, among other things, address information security by establishing guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.
• International Electrotechnical Commission (IEC): an organization for standardization comprising all national eletrotechnical committees. The commission publishes international standards, technical specifications, technical reports, and publicly available specifications and guides. The information security standards address safety, security, and reliability in the design and operations of systems in the power industry, among other things.