IDA will be issuing code of practise for Service Providers to bolster Secure & Resilient Internet infrastructure. As per the statement,
The Code covers the protection of the core Internet infrastructure such as routers, switches and critical network components, and details the objectives and controls essential to prevent, detect and respond to security incidents. These requirements, which are consistent with internationally recognised standards and best practices for the industry, will put the ISPs in good stead and provide assurance to their consumers.
I couldn't find a copy in IDA website but I strongly support the initiative and IMO it could've been done years back. I've a strong belief that the code (SRII-CoP) is modeled something like the NIST/CIS recommendations. If IDA include the requirement to protect the customers (e.g. Anti Spam, Anti Virus, Anti Spyware, DDOS etc) that'd be the best from IDA in recent years. This should be offered free of cost, as this is becoming basic and even Google offers some sort of protection by giving a warning if we try to visit a site with malware/spyware. IMO, ISP's need to invest some money to protect their customers and the ROI for them is most likely 'less calls to their contact centers'.
Hope IDA releases the document for public so we can understand the details and also create new documents/recommendations to secure Routers & Firewalls in Enterprise networks. This will greatly help SME's and other organizations to work on a common benchmarking framework.
No comments:
Post a Comment