Positive Technologies is developing a new concept of cyber security standard. The document should become an open knowledge base, which will be exchanged between specialists to improve their qualification.
Today, each company sets up its own information security parameters; when a single standard appears, organizations will be able to develop the most effective solutions together.
Experts noted that the document will also help solve the problem of personnel shortage in the IT industry: specialists from other fields interested in information security will be able to get additional skills in this database and retrain to work in this field.
Oleg Gubka, Development Director of the Avanpost company, agrees that the initiative is relevant, but, in his opinion, the standard will be effective if it is developed well.
He believes that it is necessary to create an expert council of representatives of companies who would carefully study all sections of the standard according to their successful projects.
“Information security standards have existed for a long time, why come up with another one is a big question,” said Fyodor Dbar, commercial director of Security Codes.
He believes that this will not help solve the problem of inefficient spending of budgets on information security products, since cybersecurity strongly depends on the development of the organization and the attention of its top officials to launching new processes. And the driver in the cyber security market is not standards, but events such as the mass transfer of employees from the office to remote work or the emergence of new regulatory requirements.
According to Alexander Konovalov, Technical Director of Varonis Systems in Russia, there are enough standards, methods, training systems and guidance documents in this industry. He emphasizes that the problem lies in the work overload of specialized employees who are busy with “routine” and cannot fully master the acquired hardware and software for data protection. Therefore, the solution could not be another standard, but the expansion of the staff of information security departments.