by D. Howard Kass • May 8, 2023
The International Information Systems Security Certification Consortium, commonly known as (ISC)², is calling for more standardization and international collaboration to create frameworks for shared learning and best practices.
In the security space, (ISC)² is a nonprofit organization that provides security training and certificates, the most notable of which is the Certified Information Systems Security Professional (CISSP), widely regarded as the gold standard in security certifications. The association dates to 1988.
Examining Cybersecurity Rules
The consortium’s newly released report, Global Approaches to Cyber Policy, Legislation and Regulation, reviews cybersecurity legislation and regulation within Canada, the European Union, Japan, Singapore, the United Kingdom and the United States.
The report also identifies various challenges shaping cyber policy, including:
- The shortage of skilled cybersecurity professionals
- The complexities of the critical national infrastructure
- International cooperation on norm development for cyberspace
The report is a joint effort between (ISC)² and the Royal United Services Institute (RUSI), the world’s oldest independent think tank on international defense and security.
It’s critically important to understand which policies work for cyber resilience. As Pia Hüsch, research analyst for Cyber, Technology and National Security at RUSI, explained:
“While the report identifies a number of trends in the cyber policy landscape, the increasing reliance on binding cybersecurity obligations for the critical national infrastructure sectors and beyond stands out, but the obligations different jurisdictions impose to increase cyber resilience vary. The report therefore draws crucial attention to the need to better understand which policies are effective in increasing cyber resilience and how they impact businesses and the cyber workforce implementing them.”
Key Security Issues
The report covers other key security issues, including:
- More regulations are coming; organizations must prepare now.
- No country or government is immune to the cybersecurity skills and workforce gap.
- Global standardization is critical, and full international cooperation is needed to protect and uphold ethical principles and standards.
- Fortifying critical infrastructure is a top priority for all jurisdictions — especially with more interconnectedness and state lines blurring.
- Collective defense is needed between the public and private sectors and across jurisdictions to support norm development.
Clar Rosso, (ISC)² chief executive, explained why it is important for policymakers to adopt a proactive approach toward cybersecurity policy:
“Findings from this report provide valuable insight into top legislative and regulatory priorities, which emphasizes the need for greater harmonization between policymakers, cybersecurity professionals and other stakeholders to improve cyber resilience and address pressing cybersecurity challenges in 2023 and beyond. To protect our national security, economies, critical infrastructure, and the data and privacy of our citizens, we need consistent, strong, forward-looking and joined up policies that enable cybersecurity professionals around the world to stay laser-focused on the most critical aspects of their jobs.”