When choosing among cybersecurity policy options, government decision-makers should “avoid rhetorical simplicity, false choices and absolute positions” through “nuanced reflection and discussion” based on five key values, according to a World Economic Forum (WEF) cyber-resilience playbook. Those values are “security, privacy, economic value, fairness and accountability,” IBM’s Security Intelligence reported Feb 5.
Policymakers in a number of countries have begun to mandate that government agencies adopt “very specific cybersecurity processes and technologies” which erode resilience. The report, “Cyber Resilience: Playbook for Public-Private Collaboration,” called this approach “reminiscent of the disastrous days of security by compliance” and noted that it can “lead to a false sense of security.”
The report recommends governments make cyber policy using an ongoing iterative process in place of one that is “ad hoc and crisis-driven” and produces “patchwork legislation.” It is part of WEF’s “Global Risks Report 2018.”
Read more at Security Intelligence.