Shostack + Friends Blog Archive


By looking for evidence first, the Brits do it right


Looking for evidence of effectiveness

As it happens, both the US Government and the UK government are leading “cyber security standards framework” initiatives right now. The US is using a consensus process to “incorporate existing consensus-based standards to the fullest extent possible”, including “cybersecurity standards, guidelines, frameworks, and best practices” and “conformity assessment programs”. In contrast, the UK is asking for evidence that any proposed standard or practice is beneficial or even “best”.

The Brits are doing it right. I hope the US follows their lead.
