 |
|
DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY /
|
Breaking News -
Security:
BSA Task Force Unveils Info.
Security Governance Framework
The Business Software Alliance (BSA) Information Security Governance Task
Force announced a management framework that the private sector can implement
to address the growing need for cyber security and existing regulatory
requirements. The task force, co-chaired by Entrust Chairman, President and
CEO Bill Conner and Internet Security Systems Inc (ISS) President and CEO
Thomas Noonan, was created to elevate information security governance issues
to the higher management level within companies and organizations.
The framework was presented in a white paper released during the BSA's
annual
CEO Forum held today in Washington, D.C., which included meetings with
administration and congressional leaders. As part of these visits, the task
force provided copies of the white paper entitled "Information Security
Governance: Toward a Framework for Action."
Findings of the study include:
- Government has already established a significant legislative and
regulatory
environment around IT security, and is considering additional action.
- Information security is often treated solely as a technology issue, when
it
should also be treated as a governance issue.
- There is already broad consensus on the actions necessary to remedy the
problem.
- Lack of progress is due in part to the absence of a governance
framework.
"Information security is a critical and growing issue. According to
Carnegie
Mellon University's CERT Coordination Center, the number of reported cyber
security incidents has doubled every year since 2000," said Holleyman. "We in
industry have long been focused on working with governments to combat these
growing crimes. With this task force, we hope to build upon those efforts and
provide a framework that helps companies and organizations effectively secure
their networks."
"Information security is not just a technical issue that can be addressed
by
the CIO. It is a corporate governance issue that must be addressed by CEOs and
Boards of Directors," said Conner. "Industry must recognize the reality of
existing government regulations and establish information security governance
programs if we are to make real progress. The goal of this framework is to
provide a preliminary roadmap for this effort."
"Industry needs to take responsibility for its information security
practices
and the Task Force is designed to encourage that progress," said Noonan. "If
industry does not take a leadership role on the implementation of security
best practices, we will find ourselves at the mercy of reactive regulation. We
look forward to continuing our work with the BSA and industry partners to
effectively guide the private sector toward better security."
The BSA Information Security Governance Task Force member companies
involved
in the development of this white paper include: Autodesk, Cisco, Entrust,
Intel, Internet Security Systems, Intuit, Microsoft, Network Associates,
Novell and Symantec.
|