Peerlyst Blogger Violet Blue Says California's Definition of "Reasonable Security" Creates More Cybersecurity Problems Than it Solves
The author and journalist says the new state cybersecurity guidelines will be tough or impossible to implement in real-world environments.
SAN FRANCISCO, March 30, 2016 /PRNewswire/ -- The term "reasonable security" can be slippery and open to interpretation, as we've seen in the court cases arising from customer-data breaches at Target and Home Depot. But as Violet Blue points out in a post on Peerlyst.com, things can get even worse when courts and states like California try to spell out exactly what "reasonable security" entails.
In a piece entitled "Be Worried: CA Attorney General Sets 'Reasonable Security' Standards," Engadget journalist and author Blue says that Attorney General Kamala Harris "slipped a hand grenade into the bouquet of stink known as California's Annual Breach Report (2016)." The report stipulates that organizations should implement the Center for Internet Security's Critical Security Controls—all 20 of them. But as Blue points out, that stipulation is unrealistic—and in some cases, impossible—for organizations and businesses to comply with. "Its 'one size fits all' approach to security program standards is already infuriating InfoSec professionals, from enterprise CISOs to indie pen-testers," she says.
Blue explains that the new standards, which have not yet been codified into law, are a valuable reference point for organizations that want to improve their security posture. But the report also contains language that will sound ominous to many cybersecurity professionals: "The failure to implement all the controls that apply to an organization's environment constitutes a lack of 'reasonable security' under California's information security statute." Language like that, Blue warns, "could trigger enforcement actions after a breach and leave you flapping in the wind when it comes to defending yourself in any post-breach litigation." To read more, go here: https://www.peerlyst.com/posts/be-worried-ca-attorney-general-sets-reasonable-security-standards-violet-blue.
About Peerlyst
Peerlyst is the place where information security pros go to share knowledge and build their professional reputations. With an audience of more than half a million, Peerlyst is the preeminent platform for spreading InfoSec news, asking a question, finding an expert, or offering product insight. For more information, email, visit peerlyst.com, or call Maria Behan at 650 281-7241.
SOURCE Peerlyst