DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY
Breaking News - Security:
Nat'l Cyber Security Partnership Releases Industry Framework
The Corporate Governance Task Force of the National Cyber Security Partnership
(NCSP) released a management framework and call to action to industry,
non-profits and educational institutions, challenging them to integrate
effective information security governance (ISG) programs into their corporate
governance processes.
The NCSP Task Force report identifies cyber security roles and
responsibilities within corporate management structures and references and
combines industry-accepted standards and best practices, metrics and tool sets
that bring accountability to three key elements of corporate governance
programs and information security systems: people, process and technology.
Although information security is often viewed as a technical issue, it is also
a governance challenge that involves risk management, reporting and
accountability. As such, it requires the active engagement of executive
management and boards of directors across all industry sectors and among
non-profit organizations and educational institutions. By using the ISG framework
and assessment tools, organizations can integrate information security into
their corporate governance programs and create a safer business community for
themselves and the enterprises that interact with them.
In addition to the recommendations and tool sets contained in the report, the
NCSP plans to assist organizations seeking to meet the Task Force call to
action by promoting ISG implementation through an awareness and rollout
campaign in the coming months.
"In this era of increased cyber attacks and information security breaches, it
is essential that all organizations give information security the focus it
requires," said Amit Yoran, director of the National Cyber Security Division,
IAIP, at the Department of Homeland Security. "Addressing these cyber and
information security concerns, the private sector will not only strengthen its
own security, but help protect the homeland as well. The Department of
Homeland Security supports the Task Force's call on organizations to make
information security governance a priority and to use tools such as the ones
described in this report to develop effective information security governance
programs."
The recommendations that follow are designed for broad application to private
sector businesses across all sectors, non-profit organizations and educational
institutions:
- Organizations should adopt the information security governance framework
described in the report and embed cyber security into their corporate
governance process.
- Organizations should signal their commitment to information security
governance by stating on their Web sites that they intend to use the tools
developed by the Corporate Governance Task Force to assess their performance
and report the results to their board of directors.
- All organizations represented on the Corporate Governance Task Force should
signal their commitment to information security governance by voluntarily
posting a statement on their Web sites. In addition, TechNet, the Business
Software Alliance, the Information Technology Association of America, the
Chamber of Commerce and other leading trade associations and membership
organizations should encourage their members to embrace information security
governance and post statements on their Web sites. Furthermore, all Summit
participants should embrace information security governance and post
statements on their Web sites, and if applicable, encourage their members to
do so as well.
- The Department of Homeland Security should endorse the information security
governance framework and core set of principles outlined in this report, and
encourage the private sector to make cyber security part of its corporate
governance efforts.
- The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
should revise the Internal Controls-Integrated Framework so that it explicitly
addresses information security governance.
"It is the fiduciary responsibility of senior management in organizations to
take reasonable steps to secure their information systems. Information
security is not just a technology issue, it is also a corporate governance
issue," said Art Coviello, president and CEO at RSA Security, and co-chair of
the Corporate Governance Task Force. "This call to action is the work of many
competing institutions coming together with common purpose -- to develop a
framework that is easy to understand and still leads to improved security; to
develop a tool-set that organizations of all sizes can implement; and to
deliver recommendations that will help get this done on a voluntary basis
across many sectors of the economy. We have done our job and now we encourage
CEOs and Boardrooms across this country to do theirs."
"We cannot solve our cyber security challenges by delegating them to
government officials or CIOs. The best way to strengthen US information
security is to treat it as a corporate governance issue that requires the
attention of Boards and CEOs," said Bill Conner, chairman, president and CEO
of Entrust Inc. "Today's call to action delivers the necessary framework, and
the process to de-risk cyber security, corporate governance and our economy.
As we implement these recommendations, we will reap the rewards of
productivity growth, customer satisfaction and improved competitiveness, and
gain the larger reward of enhanced homeland security."
A full copy of the report can be downloaded at
www.cyberpartnership.org/init-governance.html.