Last week I attended a SINET event in NYC, one of those rare crossings of technology talent from Silicon Valley and other tech hubs, Wall Street security executives, and DC beltway leadership. Lots of thoughts, but this one has been on my mind for some time. Those who caught my BSides Nashville keynote have heard these thoughts.
A question was posed by a gentleman from DHS, “How do we establish and build upon a standard of due care?” His question is one that we as an industry are proving can be hard to answer.
I submit, for your consideration, that two forces will mature information security (or cyber security—choose your own lexicon adventure):
- Information sharing, very specifically root cause analysis (picture the NTSB and the level of transparency in aviation investigation reports), and
- Insurance, with actuarially backed, data-science-powered case law defining standards of “due care”.
I, for one, am extremely excited to hear Mudge is headed to build a #CyberUL for the White House. (Read more on the CyberUL here.)
Good luck, let us know how to help!
As always, I'd love to hear your thoughts and feedback!