PRINCIPLE 3: Efforts to improve cybersecurity must be able to adapt rapidly to emerging threats, technologies, and business models.
Why is this important?
Information technology (IT) is an innovative and dynamic industry, and cyberspace relationships evolve continuously among its stakeholders. Cyberspace’s technologies - the Internet, computer systems, hardware, software, and services, ubiquitous devices, and digital information - change constantly. Devices to connect to cyberspace, such as networked home devices and computing tablets, are constantly updated and upgraded. New business and service delivery models such as mobile applications, social networking, and cloud computing are emerging. Criminals or other actors are constantly modifying and adapting their techniques. Cybersecurity efforts must be flexible so that they can effectively leverage new technologies and business models, address constantly changing threat dynamics, and manage new risks and vulnerabilities. They also must use technologies, people, and processes.
What are we doing now?
There are a variety of effective industry and government efforts to develop cybersecurity measures that establish a layered approach to information security, and are continually updated by security experts around the globe, evolving as threats evolve. Some key examples follow.
• The U.S. IT industry collaborates with the U.S. Government to develop voluntary consensus-driven standards that meet private- and public-sector needs. This collaboration has resulted in better, flexible standards (such as website accessibility standards for people with disabilities) and has given the public access to better and cost-effective technologies and products.
• The U.S. IT industry has established new standardization efforts addressing emerging cybersecurity risk concerns, such as the Kantara Initiative, Open Identity Exchange (OIX), OpenID Foundation, and the Information Card Foundation, which are focusing on identity management.
• U.S. IT companies work to advance their own software assurance via company-specific programs as well as voluntary consortia such as the Open Group and Software Assurance Forum for Excellence in Code (SAFECode).
• Fewer than a half dozen of the major U.S. IT companies together spend more than $30 billion annually on research and development (R&D). A significant amount of this investment is focused on security.