Security Standards and the Internet: Keeping the Cyber Barbarians Beyond the Gates

Andrew Updegrove, Partner, Gesmer Updegrove LLP

1/10/2011
(Original Publish Date: 7/1/2009)

Until the advent of the Internet, security was largely based upon limiting physical access to tangible things of value, including information, which existed only in two forms: as it had been recorded on paper or other fixed media, and as it could be retained in the unaided recollection of individuals who, in turn, had gained physical access to that media. The advent of electronic databases and the Internet, combined with business models that require that many partners be given at least limited access to electronically transmitted and archived data, has dramatically altered the security landscape. As virtually all aspects of public and private life become deployed on the Internet, new standardized tools are "needed and must be implemented" to control the growing levels of risk. In this article, I survey the challenges we face to implementing effective cybersecurity, the types of standards used to provide it, the organizations that develop such standards, and the initial steps that the United States federal government is taking to implement them.