Canadian IT security professionals said they are receptive to an online resource launched by the International Telecommunication Union (ITU) that’s essentially a one-stop-shop for finding information on global IT security standards.
The ICT Security Standards Roadmap is a repository of current security standards as well as those in the works from major standard development bodies. It also provides a listing of various standards organizations in the area of information and communications technology (ICT).
ITU is a United Nations agency particularly focused on the development of information and communication technologies.
The tool was the result of a collaborative effort among ITU, the European Network and Security Information Agency, and the Network and Information Security Steering Group. The ITU was unavailable for comment at press time.
The Security Standards Roadmap works as a single point of access for security vendors, service providers, developers and researchers. It acts as a central tracking tool that not only provides information on standards and the activities of standards bodies, but also aims to enhance collaboration among standards organizations. That collaboration is intended to eliminate duplication of standardization efforts and make it easier to identify where gaps may exist, according to the ITU statement.
“In this age of compliance and Sarbanes-Oxley, as an IT manager, you can actually be held liable for not keeping up and not knowing what the standards are in the industry,” said Tom Keenan, a spokesperson for the Canadian Information Processing Society and an IT security professor at the University of Calgary.
ITU’s online resource for security standards can be a “very neutral” and useful source of security information, Keenan added. “There is so much information about IT security (today). To put it in perspective, I taught the first security course in Canada in the early 1980s and it only took one day to cover everything that was known about computer security. Now you can spend years learning about it.”
The ITU roadmap certainly fills the need among the community for a comprehensive security standards resource, according to Brian Bourne, president of Toronto-based security consulting firm CMS Consulting Inc.
Bourne is part of the steering committee for a Toronto-based IT security user group called Toronto Area Security Klatch (TASK), and plans to include a link to the ITU roadmap on the TASK Web site “to help make the Canadian community aware.”
In addition to information regarding existing standards and standards under development, the ITU standards roadmap also provides materials on future and proposed security standards.
Keenan said this feature is particularly valuable as it gives IT and security professionals some understanding of what the future trends or issues are in the area of security so they can plan ahead.
For instance, one of the standards under development cited in the ITU roadmap was on providing guidelines for ICT disaster recovery services. Keenan said IT professionals today are still struggling with the right disaster recovery planning procedures.
“I know some companies who worry about everything. There are certain things that you can legitimately worry about and there are certain things that are pretty far-fetched, and you can use an awful lot of corporate resource preparing for disasters that are never going to happen,” he explained.
An internationally accepted standard for disaster recovery services can provide reasonable guidelines for organizations and help them implement more effective disaster readiness procedures, he added.
The ITU standards roadmap also features a section on best practices, where community members can contribute content related to standards-based best practices.
Efforts are underway to transform the roadmap into database format to enable direct links to participating standards organizations and allow each organization to manage its own content within the ITU security standards roadmap site.
ITU has urged ICT standards bodies whose work has yet to be published in the roadmap to provide the necessary information to the ITU so it can be included in future versions of the tool.
“It is important to note that the roadmap is a work-in-progress. It is intended that it be developed and enhanced to include other standards organizations as well as a broader representation of the work from organizations already included,” the ITU said in a statement.
Included in the current version of the roadmap are security standards from the ITU, International Organization for Standardization (ISO), Internet Engineering Task Force (IETF), European Telecommunications Standards Institute (ETSI), Institute of Electrical and Electronics Engineers Inc. (IEEE), and e-business standards body OASIS.