Home Cyber Security Obtaining a Cyber Security Firms License – Are They Necessary?

Obtaining a Cyber Security Firms License – Are They Necessary?

by Linda D. Yelverton

Just as with virtually any complex technology, the number of cyber security companies in operation has mushroomed and these days most of them do not have a license to operate. While this may seem like an unnecessary over-regulation of a sector that is only now getting off the ground, the fact is that it’s important to be certain your private information is protected.

Some of the more well-known cyber security firms are Verisign and Mandiant, who were once required to work within the confines of the law to monitor and police the activities of other companies that they have audited. But, since a few years back these firms were required to be licensed by the government, Verisign and Mandiant are no longer bound by this rule.

That initial impetus to require that all of these companies be licensed came about when there was growing awareness of the amount of information at stake and the frequency with which this was being accessed. In the past few years, the rise of identity theft has been widely publicized. It has even resulted in bankruptcy courts handing down hefty judgment against criminals whose ill-gotten gains have been secured through the misdeeds of another person.

The thought that the government had to do something in this regard to make sure everyone was safe was a good idea, but the law was written so broadly written it simply got out of control. That means now you can get a cyber security firm with a direct stake in your personal data without ever having to worry about them getting the better of you.

But, what of the specific areas of cyber security that require specific licenses to do business? This is where you are going to find some leeway if you are considering buying a cyber security firm, because the law will be less prescriptive and the companies will be free to go about doing what they want to do with your personal information. This is where you will want to be particularly careful because the more reckless companies can pose a real threat to your own personal safety.

One area that was passed specifically as a result of a growing concern in the cyber security industry was the mandate that companies have adequate emergency systems in place in case they had to shut down their operation temporarily. These systems were put in place as a result of recent tragedies, such as that of Senator John Ensign and his daughter, who were killed in a car accident while on a cross-country vacation with her family.

Without going into the specifics of what exactly they did not do, it’s important to remember that these companies have to maintain basic information regarding clients, their financial information, and the security systems themselves. This information needs to be protected and the vendors themselves need to abide by some sort of code of conduct in order to protect the data on their own systems.

Because of the nature of the businesses involved, however, these basic elements don’t always need to be in place by the same companies that provide services related to cyber security. There will be cases when a client is set up with a security system and they will then choose a vendor to work with that doesn’t really require the same levels of security that the original service provider did.

As a result, it’s important for you to make sure that you fully understand the system the vendor that you are working with has put in place so that you can make a responsible decision that will protect your data and keep your personal information private. While the laws are no longer in place that require all cyber security providers to work within the confines of a particular framework, that does not mean that they are not required to operate according to the highest standards of confidentiality.

It also doesn’t necessarily mean that you should not choose a new firm if the old one did not fit your specific needs. Just because your vendor does not require that you obtain a license does not mean that they are lax or irresponsible.

It’s important to consider that there are commercial grade firewalls and intrusion detection systems that are available to smaller vendors, and this is an area where some of the best hackers are found. They often have experts in their ranks who are specialized in crafting high-tech spyware and malware, so it is critical to make sure that you are getting the most out of your investment.

In today’s note, we mentioned that the laws were very specific in that there was a need for firewalls and intrusion detection systems, but it wasn’t as if these were mandatory. However, they were important steps that can be taken to protect you and your company, and this is where your best options lie, regardless of whether you’re using a local cyber security firm or working with a reputable offshore one.

Related Articles