Monday, March 26, 2018

Study and protect

Exactly 30 years ago, in 1981, the disease named Acquired Immunodeficiency Syndrome (AIDS) was described for the first time. Treatment of the disease has improved continuously, but it is since 1987 that antiretrovirals have been developed that have removed its deadly character. This was achieved thanks to an exhaustive study of the life cycle of the virus, which made it possible to block its development. More control has made it possible to stop the virus.

Last week, the California Department of Technology (CDT) announced the launch of a comprehensive program that evaluates systems at the state level with the aim of improving their cybersecurity measures. In this case, too, the intent is that an exhaustive study of each department makes it possible to avoid "viruses". This tool is very innovative and places California at the head of the cyber race, being the first state in the nation to launch a matrix of this kind.
Thanks to an interview conducted by TechWire, we know the view of Peter Liebert, Director of the Information Security Office. Quoting his words: "(This new strategy) will not work for everyone. Fantastic programs can be very mature, but just by the nature of (their) business ... (risk) still feeds into the equation. But this helps."

The California Cybersecurity Maturity Metric is the result of dozens of workshops involving information security officers (ISOs) and chief information officers (CIOs). In total, according to Liebert, representatives of some 40 entities contributed to the final product. The "four major" departments that oversee cybersecurity and cybercrime in California have contributed their knowledge on the subject: the California Cyber Security Integration Center (Cal-CSIC), part of the state Office of Emergency Services; the California Highway Patrol, which oversees cybercrime enforcement; the California Military Department; and the CDT.

The CDT’s Office of Information Security (OIS) has invested many months in the evaluation and rating of each department’s cyberdefenses. The cybersecurity of these departments has been evaluated through formulas created by the chief information officers and agency information officers. Through these formulas the departments will be rated with a score from 0 to 4, from lowest to highest security level.

Although this tool could be seen as an accusing finger pointing out the errors of others, Liebert tries to make it clear: "This is designed to provide a tool (to understand) where they are and where they want to go" in terms of cybersecurity.

The intent of this strategy is that the state departments will be audited, allowing their cyberdefense strategies to be rated continuously. Quoting Liebert's words: "to establish a baseline for maturity." As Peter Liebert says: "Just having a (policy) document doesn’t mean you’re actually implementing it. ... This blends policy and implementation."

Innovation is the cement that unites the bricks of our barriers against cyber attacks. The rapid pace at which cyber attacks evolve forces us to increase our own pace. In this case, innovation comes from the knowledge of different sectors together with transparency as the main value. Will California open the season with this new type of strategy?

