Page 34 - AeM_June_2019
P. 34
LEGISLATION
Cybersecurity Bills & Standards
Thailand’s National Legislative Assembly (NLA) threats to systems and technology that have the
passed recently its cybersecurity bill that gives potential to jeopardize cyber security”, they explain.
authorities the right to bypass court orders in "critical" “While it is impossible to eliminate all threats,
situations, just like Singapore a year earlier. In fact, improvements in cyber security can help manage
many jurisdictions in the region started to develop their security risks by making it harder for attacks to succeed
own cybersecurity legislation to impose requirements and by reducing the effect of attacks that do occur”,
on certain businesses to implement protections against they conclude.
cybersecurity risks into their computer systems.
Furthermore, cyber security standards facilitate sharing
In general, a spotlight is being put on Cyber Security of knowledge and best practices by helping to ensure
Standards over the past few years, and Karen common understanding of concepts, terms, and
Scarfone, Dan Benigni and Tim Grance from the definitions, which prevents errors, besides other
National Institute of Standards and Technology (NIST) benefits: e.g. cost savings that result from the
published a comprehensive article regarding that. The development, manufacture, sales, and delivery of
writers highlight that a cyber security standard defines standards-based, interoperable products and services.
both functional and assurance requirements within a
product, system, process, or technology environment, Usually, international, regional, national, industry, and
and if well-developed enables consistency among government groups are involved in the development of
product developers and serves as a reliable metric for cyber security standards. Then there are as
purchasing security products. well consortia, industry alliances, and associations that
promote standards development. Not to mention that
They state that cyber security standards cover a broad there are many other cyber security standards
range of granularity, from the mathematical definition developers who want to make sure that developments
of a cryptographic algorithm to the specification of are in their favor or at least compatible with their critical
security features in a web browser, and emphasize interests.
that such standards must address user needs, but also
be practical. In other words, cost and technological Of course, talking about cyber security, means first of
limitations must be considered in building products to all firewalls, anti-virus software, intrusion detection and
meet the standard. prevention systems, encryption, and login passwords.
However, improving cybersecurity through regulation
“Security technology has not kept pace with the rapid and collaborative efforts comes a close second. The
development of IT, leaving systems, data, and users US and Europe lead here by example, but Asian
vulnerable to both conventional and innovative security countries started to raise the bar as well. ◊
threats. Politically motivated adversaries, financially
motivated criminals, mischievous attackers, and By MediaBUZZ
malicious or careless authorized users are among the
34 June 2019 - Cyber-security & Data Protection