Security and privacy going global

Members of Congress show no signs of letting up in efforts to revise, reform, or extend various information security regulations. Ideas about updating FISMA, particularly from Senators like Olympia Snowe, John Rockefeller, and Tom Carper, have received a lot of attention this year, as have debates about the appropriate location, role, and reporting structure for whatever individual or position will take top responsibility for federal cybersecurity management and oversight. Now in the House comes the Cybersecurity Coordination and Awareness Act, which among other provisions would assign NIST, already responsible for producing security standards and guidance under FISMA, the task of collaborating with international organizations on security standards. The bill, reported out yesterday by the Technology and Innovation Subcommittee of the House Committee on Science and Technology, might represent a further driver for NIST’s ongoing work to compare and align (if not actually harmonize) the NIST Special Publication 800-53 security control framework with the ISO/IEC 27000 series of controls.

International cooperation on security issues seems to be a theme this week. A global conference on data privacy rules convened in Spain this week, attended by hundreds of delegates from different nations. Among them was Homeland Security Secretary Janet Napolitano, who addressed the International Conference of Data Protection and Privacy Commissioners on Wednesday, stressing the importance of information sharing among nations to improve security for all and defend against modern global threats.