Hello Cybersecurity Community and Friends,
Perhaps it is time to add a new amendment to the United States Constitution focused on cybersecurity and protecting our people, livelihoods and nation. When the United States Constitution and Amendments were drafted, our Founding Fathers had no idea the Internet would exist and that all types of commerce could be executed without being present in front of another human being. Cybersecurity has not only a local impact but also a national and global impact on the human race. Without the proper governing body providing the doctrine (rules) to treat ALL people with dignity and respect, and ensuring ENFORCEMENT and GOVERNANCE of this critical doctrine, we have chaos. How can we truly solve the exploding multi-gazillion dollar problem the cybersecurity industry is trying to solve when an organization’s motivation is capitalistic at its core?
The United States Constitution and Amendments were created to protect the people and ensure that EVERY person and citizen has a voice, so an elite few don’t control everything….
One set of rules governs:
- Voting rights
- Drinking age
- Driving a car
- Flying an airplane
- Driving a motorcycle
- Buying a gun
- Obtaining a passport
Multiple sets of rules govern Cybersecurity:
- NIST CSF (National Institute of Standards and Technology – Cybersecurity Framework)
- SANS 20 CSC’s (Cybersecurity Controls)
- PCI-DSS all versions
- NIST SP 800-53 (National Institute of Standards and Technology Special Publication)
- COBIT all versions
Isn’t the definition of insanity doing the same thing over and over and expecting a different outcome? Clearly having numerous standards and governing bodies isn’t working, and in fact adds to the chaos that allows the cyber-criminal / criminal organization to win, and us as citizens, employees and organizations to lose.
What can we do?
Let me pose this to the community: What about creating a single governing body called the United States Audit, Regulatory, Compliance, Governance, and Security Agency (USARCGSA or for short ARCGSA) and collapsing ALL (and I do mean ALL) Audit, Regulatory, Compliance, Governance and Security standards into a single framework? It would be the governing body that holds organizations accountable for the rules of navigating the information superhighway!
Does it sound too crazy?
Too far out there?
Too overwhelming to achieve?
Wait: before you answer, grab your purse and/or wallet.
Okay—now pull out your driver’s license.
If we can create an agency that governs all aspects of vehicles and licensed drivers effectively enough to actually “drive” on a highway, then I think we have a shot at this approach associated with cybersecurity.
I would love to hear your thoughts; feel free to comment on the blog below or email us at firstname.lastname@example.org.
All the best, Kyle