The cost of confused and conflicting guidance on Cybersecurity

The launch of the Information Society Alliance (EURIM) report on Security by Design went very well, and rather than blog on the event myself I will cross-refer to Leonard Anderson’s blog. He clearly enjoyed it. His concern over the need to also promote the messages to local government, including via SOCITM, is apposite. So too is his concern over the cost of conflicting guidance, including from CLAS consultants.

Earlier in the day, a meeting of the sub-group on the procurement of Shared Network Services was given examples of how conflicting interpretations of the code for critical communications networks and of the codes for connection to the government secure extranet had added significantly (i.e. doubling or trebling) to the cost of both infrastructure and surrounding applications and processes for some government agencies – as well as for local government.

This was one of the areas identified for follow up. The cause of the problems links back to the growing crisis in security skills – quality even more than quantity.

Those claiming expertise are not aware that they are often mandating obsolete, less effective, as well as more expensive, approaches to security.

I should also add that the recommendations in the report on the potential role of the Law Society raised eyebrows. I suspect, however, that if these are followed up, they may well have more impact than any government-led initiative.

