The government's BS7799 firewall security standard is outdated and needs updating to meet modern requirements, claims Clive McCafferty, managing director of security consultancy CenturyCom.
In a statement released last week, McCafferty challenged BS7799, saying that it has "more in common with the mainframe environment than the complex, heterogeneous, distributed enterprises of today". He warned that companies are more concerned with the weight of documentation behind their security policy than with its content.
BS7799 was published in February 1995, an age ago in Internet terms. McCafferty's claims suggest that what may once have been an authoritative policy document has become a bureaucratic token of compliance. "Unfortunately, in many organisations, including government, the value of a security policy document is often judged by its weight and not its content," he commented.
McCafferty, who has worked in government security since 1986, set up his security firm to advise businesses on adopting a more pragmatic and direct approach to security, taking into account the emergence of the Internet and more distributed networking.
Dr John Leach, security consultant at Network Associates, disagrees with McCafferty's interpretation of the standard: "The DTI is promoting the BS7799 standard for information security management in small to medium businesses as a set of things they should be aware of. Although relevant, they are not hugely detailed and are not pretending to be the Bible. Major corporations will have gone beyond BS7799. It's entry-level, and adequate for that purpose."