A case for public and private review of developing it security standards

Standards are important. International IT Security Standards are critical. This paper presents the benefits of getting involved in the development of some standards, the risks of leaving such development to others, and the process of deciding which development efforts an organization should focus on It spells out the types of involvement available to organizations, paying detailed attention to public and private reviews as the most beneficial and least expensive alternative for many standards. It suggests methods for becoming a reviewer and provides 16 pointers to several important Standards Development Organizations (SDOs).