Government calls for help with setting private sector security standards

(Image credit: Shutterstock)

published 4 March 2013

The Government is calling on the security industry to help it select an "organisational standard" that will help business leaders protect their companies from cybercrime.

In a post on the .gov.uk website, the Government said it plans to select and endorse an organisational standard that "best meets the requirements for effective cyber risk management", before calling on companies to submit suggestions about which one to back.

"There are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security," the post stated.

"We aim to offer clarity to the private sector, based on the standard that we select and choose to promote."

Interested parties have until Monday 8 April 2013 to express an interest in submitting evidence in support of their preferred standard, before the Government publishes guidance on how to submit it on Tuesday 30 April.

Participants will then have until Monday 14 October to submit their evidence, in support of their chosen standard.

The Government has also published a guidance document, setting out what it thinks a good organisational standard for cyber security should have.

For instance, it needs to be internationally recognised and protect organisations of all sizes against "low-end methods of compromise", such as malware, phishing attacks and viruses.

It also states that the contents of this standard should be auditable.

Matt Middleton-Leal, regional director for UK and Ireland at security vendor Cyber-Ark, said the creation of the standard is step in the right direction when it comes to getting IT security on the corporate agenda.

"The Government must be careful that this isn't seen as a means to increase the already extensive list of auditing requirements that many organisations are struggling to deal with," he added.

"While compliance certainly plays a vital role in ensuring organisations take responsibility for maintaining control of networks and data, this can result in a tick-box' mentality, in which over burdened enterprise IT teams simply strive to keep up with the evolving demands of auditors."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.