Information Assurance for Business Assurance
Last year I provided help with the definition of information assurance objectives and controls for the systems acquisition and development domain in the Common Assurance Maturity Model (CAMM), a joint initiative originally created by the European Network and Information Security Agency (ENISA) and the Cloud Security Alliance (CSA).
My contribution was on behalf of OWASP who were among the many organisations, groups and companies supporting the CAMM initiative. Well, the project has come a long way, and is now a key contributor to the plans to create a global repository of assessments for assurance of the IT supply chain.
At the end of last week, a paper Business Assurance for the 21st Century was published defining the common vision of a single approach for assessments (either self-assessed or independently verified) to make it simpler for organisations to select suppliers and partners based on the coverage and maturity of their information assurance practices. The concept is that the global repository, or "Third Party Assurance Centre", would support a number of assurance frameworks and allow vendors to publish information in a single open format, reducing the need for numerous separate assessments for each potential customer.
All the major assurance frameworks seem to be on board, so this could well achieve a step forward in transparency, whilst at the same time introducing cost reductions into the market.
Posted on: 19 July 2011 at 17:49 hrs