Standardization Versus Risk Management: How Much Cybersecurity Is Enough?

There’s no doubt that cybersecurity is a complex topic to legislate. Given how fast-moving security’s components are, legislation is often too slow and cumbersome. Antonio Ramos, CEO of Leet Security, a cybersecurity ratings agency based in Madrid and member of the Stakeholder Cybersecurity Certification Group (SCCG), says that recent trends in legislation around cybersecurity are, in general, positive.

“Define how to measure cybersecurity and then establish how much you need.”
Antonio Ramos, CEO of Leet Security

“Now cybersecurity is a ‘hot’ topic and politicians are aware of it,” he adds. Nevertheless, he is critical of the overall focus on certification and minimum requirements and would like to see more emphasis on risk management approaches. “We keep thinking about cybersecurity as something that can be standardized, which, by definition, is impossible. Cybersecurity is a risk management issue which depends on risk appetite, risk exposure, and many other things that make it impossible to define which is the right level of cybersecurity for every single case. Certification is perfect for establishing a minimum level of requirements to start doing business in a field, but then we should open the hand to offer other kinds of mechanisms that have proven useful in other markets, such as rating, labeling, self-assessment, or auditing,” he says.

Rather than defining a list of security controls for every situation, an alternative approach is to define how to measure cybersecurity and then establish how much is needed in each case, suggests Ramos. “This approach is much more efficient and improves the efficiency of certification. In fact, this approach is the one that the Spanish Center for Protection of Critical Infrastructures (CNPIC) is using for the definition of the cybersecurity certification framework for critical operators. A scheme with different levels against which operators can set certifications and then the Center decides which level is right depending on the criticality of the infrastructure,” he explains.
