Security standards: IT security standardisation

There is a need for a broad range of IT security standards and technical guidelines to support cybersecurity at both the national and international levels. However a number of standards are available or under development. These spawn from various bodies including the National Institute of Standards & Technology (NIST), the Internet Engineering Task Force (IETF), and ISO, the International Organization for Standardisation. Dr Walter Fumy, vice president of information technology security at Siemens filters through some of the standard variations that are shaping the IT security field. Some areas such as cryptography are well established as many algorithms and techniques have been standardised. But there is no internationally recognized information security management (ISMS) system standard. Inevitably, establishing information technology security standards means playing catch-up with the technology and the ingenuity of the people who attack IT systems. But it must be done.