[ISN] Alliance takes security call to boardroom

From: InfoSec News (isnat_private)
Date: Wed Apr 16 2003 - 01:01:07 PDT


    http://news.com.com/2100-1009-996997.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    April 15, 2003
    
    Two information technology groups have teamed with the four largest
    accounting firms to hash out guidelines and best practices that they
    say executives need in order to secure their companies.
    
    TechNet, a lobbying group of more than 150 information technology
    companies, said Tuesday that it would work with the Internet Security
    Alliance to create the guidelines in the next six months.
    
    "We are really trying to answer the challenge that the government gave
    us," said Rick White, president and CEO of the technology-industry
    lobby TechNet. "We think that with these three groups--the government,
    the industry and the tech community--bringing their efforts to bear,
    we can really make this work."
    
    President George W. Bush in February 2003 said the United States
    government would not regulate technology companies, but rather would
    promote cooperation between the industry and the government to secure
    infrastructure.
    
    The two technology groups will use the expertise of the four large
    accounting firms--KPMG, PricewaterhouseCoopers (whose consulting arm
    is now part of IBM), Deloitte & Touche and Ernst & Young--to help
    create the guidelines. The starting point will be a top-10 list of
    security steps for executives that the Internet Security Alliance has
    already created.
    
    "We wanted to aim at the top because we believe that at the top, with
    boardroom involvement and (policy) trickling down, we can get the best
    results," said John Shaughnessy, vice chairman of the Internet
    Security Alliance and senior vice president for security and fraud
    protection at Visa International.
    
    The groups plan to release the guidelines and then to set a date by
    which their membership should comply with the security steps.
    
    "The question kept being asked: 'Is anyone really going to do
    something?'" said Howard Schmidt, the White House cybersecurity
    advisor. He pointed out that hardware and software makers have already
    started to tighten up their products' security and that infrastructure
    companies are identifying their weaknesses.
    
    More needs to be done, he stressed. "Time is of the essence. We have
    not been able to get people on board quickly."
    
    The United States government continues to eschew regulations as a
    solution to the security problem, said Schmidt. Companies that don't
    follow best security practices will answer to the markets, not the
    government, he said.
    
    "There will not be sanctions," he said. "The sanctions will be that
    consumers won't buy their products or services."
    
    TechNet's White said he thinks the approach will work.
    
    "Our hope here is to shame the industry into creating a higher level
    of security," he said. He added that "shame" might be a bit strong of
    a word, but that security groups' efforts have paid off.
    
    "I think there is a certain sense of urgency here."
    
    
    