We’re constantly looking over, analysing, and adhering to narrowly defined security standards in the IS field. These standards are focused on large companies, yet what is there for the little guy?

Websites slap on labels like “Hacker Safe”, which we don’t trust and there are countless blogs vulnerable to a number of security holes, gaps, and simple poor configuration.

What we need is an open-source set of general security recommendations and guidelines for a host of applications – encryption, blogs, and even social networks. The formula for these guidelines to work, be useful, and adopted are,

• Keep Them General - Don’t include specific instructions on how to configure a setting.
• Have Input From Independent Security Experts – The people that work, teach, and have “intangible” experience working in information security.
• A Ranking System - What something protects against, how effectively it does it, and how difficult is it to configure.

Such a set of open source standards, would do wonders for not only the people using them, but the companies that stand behind them. Especially smaller companies who can respond quickly, speak more freely with the public, and have a more varied palate of work vs. a large corporation.

Why not have a set of well-scrutinized general security guidelines that could be adopted by schools, independent consultants, or Web developers?

This entry was posted on Wednesday, August 20th, 2008 at 11:06 am by Anil Polat and is filed under regulations. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.