The need for a new security framework

… I feel the need for it. A new security framework.

Because what we have, is based on outdated models. Of security. Of organisations. Of how the world turns.
Bureaucracy doesn’t cut it no more. The very idea of hierarchically stacked framework sets (COSO/CObIT/ISO27k1:2013/…) likewise, is stale.
And the bottom-up frameworks en vogue, e.g., OSSTMM (if you don’t know what that is all (sic) about, go in shame and find out!) and core work like Vicente Aceituno Canal’s, haven’t found traction enough yet, nor are they integrated soundly enough (yet!!) into further bottom-up overarching approaches. Ditching the word ‘framework’ as that is tainted.

But what then? At least, OSSTMM. And physical security. And SMAC. And IoT. And Privacy (European style, full 100.0%, mandatory). And business-organising disruption, exploded labour markets, geopolitics, et al.

OK. Who of you has pointers to such an Utopia ..? [Dystopian angles intended]

Unrelated:
DSCN6146
[Your guess. Not Nancy. But is it Reims ..?]

Advertisements

About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in ERM, GRC, Information Risk Management, Information Security, Innovation (technologicallly driven), Privacy and tagged , , , , , , , , , , , , , , . Bookmark the permalink.

Your comments are welcomed!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s