How Much Cybersecurity Is Enough? | Avnet Silica

Standardization Versus Risk Management: How Much Cybersecurity Is Enough?

May 28, 2021 | Provided By Avnet Silica

SEE ALL AVNET ARTICLES

There’s no doubt that cybersecurity is a complex topic to legislate. Given how fast-moving security’s components are, legislation is often too slow and cumbersome. Antonio Ramos, CEO of Leet Security, a cybersecurity ratings agency based in Madrid and member of the Stakeholder Cybersecurity Certification Group (SCCG), says that recent trends in legislation around cybersecurity are, in general, positive.

Define how to measure cybersecurity and then establish how much you need.
_{Antonio Ramos, CEO of Leet Security}

“Now cybersecurity is a ‘hot’ topic and politicians are aware of it,” he adds. Nevertheless, he is critical of the overall focus on certification and minimum requirements and would like to see more emphasis on risk management approaches. “We keep thinking about cybersecurity as something that can be standardized, which, by definition, is impossible. Cybersecurity is a risk management issue which depends on risk appetite, risk exposure, and many other things that make it impossible to define which is the right level of cybersecurity for every single case.

Standardization versus risk management - data chart

Certification is perfect for establishing a minimum level of requirements to start doing business in a field, but then we should open the hand to offer other kinds of mechanisms that have proven useful in other markets, such as rating, labeling, self-assessment, or auditing,” he says. Rather than defining a list of security controls for every situation, an alternative approach is to define how to measure cybersecurity and then establish how much is needed in each case, suggests Ramos. “This approach is much more efficient and improves the efficiency of certification. In fact, this approach is the one that the Spanish Center for Protection of Critical Infrastructures (CNPIC) is using for the definition of the cybersecurity certification framework for critical operators. A scheme with different levels against which operators can set certifications and then the Center decides which level is right depending on the criticality of the infrastructure,” he explains.

How Much Cybersecurity Is Enough? | Avnet Silica

Sign up for the Avnet Silica Newsletter!

Stay up-to-date with latest news on products, training opportunities and more!

Join Now

Take a DEEP look into the future!

Get the latest market trends and in-depth trainings on our Digital Event Experience Portal!

Explore now

Avnet Silica Design Hub

Browse and review hundreds of proven reference designs to accelerate your design process. Our designs can be modified and saved in our AVAIL design tool and then exported to your CAD tool of choice.

START YOUR DESIGN

How Much Cybersecurity Is Enough? | Avnet Silica

Transformative IoT solutions with the STM32 32-bit Wireless MCU Series

June 1, 2023

Choosing the right microcontroller for your project is crucial. In this post, we’ll explore the capabilities of ST’s 32-bit wireless MCU, STM32WBA52 and the IoT applications that benefit most from them.

Key Considerations of Condition Monitoring

February 27, 2023

Condition monitoring is one of the pivotal ways in which the advent of Industry 4.0 is bringing about major improvements within the industrial sector.