Task force puts security responsibility on CEOs

The National Cyber Security Partnership's fourth task force report offers guidelines for top-down information security programs.

A security task force of private industry experts, academics and government officials released a report on Monday urging CEOs and boards of directors to take responsibility for building information security programs to prevent electronic crime and help secure the Internet.

The proposal, published by the Corporate Governance Task Force, is the fourth report to be released by the National Cyber Security Partnership, a cross-sector group that aims to create initiatives to secure e-commerce and the Internet infrastructure upon which the United States relies.

"America cannot solve its cyber-security challenges by delegating them to government officials or CIOs (chief information officers)," task force leaders wrote in a letter introducing the report. "The best way to strengthen U.S. information security is to treat it as a corporate governance issue that requires the attention of boards and CEOs."

The two leaders--F. William Conner, CEO of security firm Entrust, and Arthur Coviello, CEO of RSA Security--called for companies to adopt and support the guidelines and for the government to recognize businesses that do so. The Corporate Governance Task Force has more than 40 members, including well-known companies such as Intel, Motorola and Sun Microsystems, U.S. government agencies and such academic institutions as Carnegie Mellon and George Mason universities.

The report calls for companies to annually evaluate their information security, conduct periodic risk assessments and update their policies based on the results. In addition, the task force urged companies to educate their workers to be more aware of information security and create incident response teams.

Established late last year, the National Cyber Security Partnership brings together security experts from the private, academic and public sectors in an attempt to improve security. The members divided the organization into five working groups to focus on specific problem areas: creating awareness in home computer users and small businesses; establishing a cybersecurity early warning system; making information security part of corporate governance; advocating technical best practices for security; and pushing security improvements into the software development process.

A report published in April by the Security Across the Software Development Life Cycle Task Force proposed changes to education, software development and patch methods, as well as incentives to convince software makers to improve the security of their wares. Two other reports, published in March, summarized the prescriptions of the Awareness and Outreach Task Force and the Cyber Security Early Warning Task Force.

TechNet, a lobbying group for the technology industry and the administrator for the Corporate Governance Task Force, stressed the importance of raising awareness of security among companies' top executives.

"Strong and effective information security governance is critical in strengthening our cyberinfrastructure," said Rick White, president and CEO of TechNet.

The report can be found on the National Cyber Security Partnership's Web site.

 
