SIX CYBERSECURITY PRINCIPLES


As industry and governments work together to develop the right policy framework to enhance cybersecurity, there are six guiding principles to follow:


1. Efforts to improve cybersecurity must leverage public-private partnerships and build upon existing initiatives and resource commitments. By partnering with government, the IT industry has provided leadership, resources, innovation, and stewardship in every aspect of cybersecurity for more than a decade. Cybersecurity efforts are most effective when leveraging and building upon these existing initiatives, investments, and partnerships.


2. Efforts to improve cybersecurity must properly reflect the borderless, interconnected, and global nature of today’s cyber environment. Cyberspace is a global and interconnected system that spans geographic borders and traverses national jurisdictions. The United States should exercise leadership in encouraging the use of bottom-up, industry-led, globally accepted standards, best practices, and assurance programs to promote security and interoperability.


3. Efforts to improve cybersecurity must be able to adapt rapidly to emerging threats, technologies, and business models. IT is an innovative and dynamic sector with rapidly changing and evolving technologies. Cybersecurity efforts must be equally dynamic and flexible to effectively leverage new technologies and business models and address new, ever-changing threats.


4. Efforts to improve cybersecurity must be based on risk management. Security is not an end state. Rather, it is a means to achieve and ensure continued trust in various technologies that comprise the cyber infrastructure. Cybersecurity efforts must facilitate an organization’s ability to properly understand, assess, and take steps to manage ongoing risks in this environment.


5. Efforts to improve cybersecurity must focus on awareness. Cyberspace’s owners include all who use it: consumers, businesses, governments, and infrastructure owners and operators. Cybersecurity efforts must help these stakeholders to be aware of the risks to their property, reputations, operations, and sometimes businesses, and better understand their important role in helping to address these risks.


6. Efforts to improve cybersecurity must more directly focus on bad actors and their threats. In cyberspace, as in the physical world, adversaries use instruments (in this case, technology) to carry out crime, espionage, or warfare. Cybersecurity policies must enable governments to better use current laws, efforts, and information sharing practices to respond to cyber actors, threats, and incidents domestically and internationally.


WHAT SHOULD POLICYMAKERS BE DOING?


For each of these principles, ITI has developed specific proposals for how policymakers can augment efforts already underway. These proposals are found on the following pages.


The IT Industry’s Cybersecurity Principles for Industry and Government

