IT Security

Standard for convergence

by Mark Rowe

ASIS International (ASIS), (ISC)2 and ISACA, the industry associations for physical, cyber and information security, have signed a memorandum of understanding (MOU) to develop a Security Awareness American National Standard. This guidance will address the intersections of physical, cyber and information security management.

As organisers say, in an increasingly complex and interconnected world, the public and private sector are faced with growing physical and electronic challenges to protect personal information, business transactions, and critical infrastructure. Given the convergence of risks and fading boundaries between physical, cyber, and information security, it is essential that organizations of all types and sizes have tools to promote security awareness from a holistic perspective.

Dr Marc H Siegel, commissioner, ASIS Global Standards Initiative, says: “The human element is central to any successful security strategy. By promoting a ‘security awareness culture,’ organizations can proactively prevent problems that detract from achieving their business objectives. The proposed standard will integrate physical, cyber, and information security into day-to-day business and risk management practices. It will emphasize that everyone in the organization is part of the risk equation, and therefore, part of the solution.”

The standard will focus on cross-disciplinary management measures, as well as awareness and training programs to help organisations and their supply chains prepare for and minimise the likelihood of an undesirable event, as well as respond to and recover from a security incident. Topics of discussion will include:

Physical security
Information security
Cyber security
Wireless networks
Password security
Intangible asset security (brand, reputation, file sharing, intellectual property, and image).

Dr Casey Marks, director of Professional Programs Development at (ISC)2, said: “Businesses are struggling to cope with all of today’s security threats. The continued convergence of cyber and physical security causes our adversaries to neither think nor act in siloes when they perform malicious activities. An all-encompassing security standard like this will help to provide businesses with needed guidance. Standards are the pillar upon which the concept of professionalization is built, and we’re pleased to be a part of this effort with two well-respected industry organizations.”

ASIS, (ISC)2 and ISACA add that they will form a joint technical committee and working group to develop the standard, soliciting input from security experts around the globe. The committee will operate under ASIS’s ANSI-accredited process to develop an American National Standard that can be applied anywhere.

Christos Dimitriadis, international president of ISACA, said: “Combining the expertise of our members and leaders will help organizations and their supply chains assess their risks and develop enterprise-wide and site-specific plans and procedures to more effectively manage risk and protect their human, tangible and intangible assets. Security awareness is a business imperative in today’s interconnected world. By bringing together the top security professional organizations, we can share best practices and ensure a collaborative approach to asset protection.”

Technical committee formation is expected to begin in April. For details contact [email protected].


© 2024 Professional Security Magazine. All rights reserved.
