In Defense of Cybersecurity Framework
ISACA's Sarb Sembhi Sees Simplicity Benefiting New Adopters
"If you start off at a point which is too complex and too hard, no one is going to be interested because the bar is set too high," says Sembhi, past president of the London chapter of ISACA, an international professional association focused on IT governance. "Having a good starting point, some way that's achievable, is excellent."
The Obama administration in February issued the cybersecurity framework, intended as a voluntary guide to help operators of the mostly privately owned critical infrastructure secure their information assets (see The Evolving Cybersecurity Framework). Although the framework is aimed at American institutions, Sembhi says it will likely be adopted by organizations around the globe.
"If the leadership from the USA comes up with anything that was far too complex and far too difficult to achieve, they would not be taken on by the rest of the world that consider the U.S. as the leader," says Sembhi, who chairs ISACA's European and African governmental and regulatory advocacy subcommittee.
Sembhi characterizes the cybersecurity framework as a good starting point that will evolve in the coming years. "As those countries start adopting it, and the U.S. moves to a slightly more mature model ... that's when, hopefully, the rest of the organizations start to catch up with them, and that's when people stop criticizing, perhaps in the way they have been."
In the interview, held at the 2014 Infosecurity Europe conference in London, Sembhi:
- Contrasts the IT and IT security maturity levels of governments and businesses in Europe and Africa;
- Addresses the impact on developing nations of the adoption of IT security frameworks;
- Discusses how ISACA helps governments and businesses around the world in adopting IT security and risk frameworks.
Besides his role at ISACA, Sembhi serves as director of consulting services with Incoming Thought, an IT security advisory firm. He previously worked as a security researcher.