- Speak Up, Speak Out February 23rd, 2017
- Wise Owl Tip: Women needed to solve talent shortage June 8th, 2016
- Diversity at RSA February 25th, 2016
- Why #brainbabe? December 22nd, 2015
- Wise Owl Tip: Love in the Workplace? September 16th, 2015
- The new "Pretty In Pink" - The Data Breach July 23rd, 2015
- Crazy Idea - Cyber Security Amendment to The Constitution? July 15th, 2015
- Wise Owl Tip: Job seekers—tired of not hearing back? June 24th, 2015
- Wise Owl Tip: Are You Sure You Know How To Make Agreements? May 7th, 2015
- #brainbabe: Celebrating Equality in Tech April 16th, 2015
- How Much $$$ Are You Looking For? March 24th, 2015
- Recruiters' Reputations Soured February 4th, 2015
- Vague Information Hurts January 30th, 2015
- Truth Sells January 15th, 2015
Crazy Idea - Cyber Security Amendment to The Constitution?
Innovation doesn't always happen on the normal road ...
Hello Cyber Security Community and Friends,
Perhaps it is time to add a new amendment to the United States Constitution focused on cyber security and protecting our people, livelihoods and nation. When the United States Constitution and Amendments were drafted our Founding Fathers had no idea the Internet would exist and that all types of commerce could be executed without being present in front of another human being. Cyber security has not only a local impact but also a national and global impact to the human race. Without the proper governing body providing the doctrine (rules) to treat ALL people with dignity and respect, and ensuring ENFORCEMENT and GOVERNANCE of this critical doctrine, we have chaos. How can we truly solve the exploding multi-gazillion dollar problem the cyber security industry is trying to solve when an organization's motivation is capitalistic at is core?
The United States Constitution and Amendments were created to protect the people and ensure that EVERY person and citizen has a voice, so an elite few don't control everything....
One set of rules govern:
- Voting rights
- Drinking age
- Driving a car
- Flying an airplane
- Driving a motorcycle
- Buying a gun
- Obtaining a passport
Multiple sets of rules govern Cyber Security:
- NIST CSF (National Institute of Standards and Technology - Cybersecurity Framework)
- SANS 20 CSC's (Cyber Security Controls)
- PCI-DSS all versions
- NIST SP 800-53 (National Institute of Standards and Technology Special Publication)
- COBIT all versions
Isn't the definition of insanity doing the same thing over and over and expecting a different outcome? Clearly having numerous standards and governing bodies isn't working, and in fact adds to the chaos that allows the cyber-criminal / criminal organization to win, and us as citizens, employees and organizations to lose.
What can we do?
Let me pose this to the community: What about creating a single governing body called the United States Audit, Regulatory, Compliance, Governance, and Security Agency (USARCGSA or for short ARCGSA) and collapsing ALL (and I do mean ALL) Audit, Regulatory, Compliance, Governance and Security standards into a single framework? It would be the governing body that holds organizations accountable for the rules of navigating the information superhighway!
Does it sound too crazy?
Too far out there?
Too overwhelming to achieve?
Wait: before you answer, grab your purse and/or wallet.
Okay—now pull out your driver's license.
If we can create an agency that governs all aspects of vehicles and licensed drivers effectively enough to actually "drive" on a highway, then I think we have a shot at this approach associated with cyber security.
I would love to hear your thoughts; feel free to comment on the blog below or email us at email@example.com.All the best, Kyle