By looking for evidence first, the Brits do it right

Looking for evidence of effectiveness

As it happens, both the US Government and the UK government are leading “cyber security standards framework” initiatives right now. ┬áThe US is using a consensus process to “incorporate existing consensus-based standards to the fullest extent possible”, including “cybersecurity standards, guidelines, frameworks, and best practices” and “conformity assessment programs”. In contrast, the UK is asking for evidence that any proposed standard or practice is beneficial or even “best”.

The Brits are doing it right. I hope the US follows their lead.

4 Comments on "By looking for evidence first, the Brits do it right"

  1. Thanks, Jared. Though I hope it has persuasive effect on NIST and other participants, I’d bet that their incentives and mental models will lead them to complete the assigned task without changes of direction.

    A few of us have talked about a “B-sides” activity that parallel’s the meetings of the official initiative. I’ll let people know if that materializes.

Comments are closed.