Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The tech industry needs a global body to legislate on security standards, according to an IBM security expert.
At the current time, common criteria is not a modern enough approach and “something needs to happen on a global stage,” said Kristin Lovejoy, vice president of security strategy at IBM.
An organisation needs to be established, perhaps within the UN, to govern security standards, although it is likely this would take “a long time”, Lovejoy explained.
“Here’s the problem, if the Russians, the Chinese, the US, the EU and Singapore – if they all come up with their own standards, what happens is it becomes impossible for organisations to compete globally because they have to rebuild their products for every geographical market,” she told IT PRO.
With nation-set standards, manufacturers would be required to provide their source code to that national government and this would bring with it intellectual property (IP) issues, she said.
“It’s not simply the potential IP theft issue, it’s the fact that those national governments now have insight into your protection profiles,” Lovejoy explained.
“On some levels, security is still about obscurity, and the more they know the more there is a potential for them to create backdoors into those technologies. We’re in this state now where we are stuck because we don’t have an international standard other than common criteria, which I think everybody agrees... needs to be improved, modernised.”
She called for an international best practice to be accepted by national governments across the world and provide multi-nationals with a “safe harbour.”
This article originally appeared at itpro.co.uk
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.