Gifts Under $30 Gifts Under $50 iPhone Emergency SOS Saves Man MyHeritage 'Time Machine' Guardians of the Galaxy 3 Trailer White Bald Eagle Indiana Jones 5 Trailer Black Hole's 1,000 Trillion Suns
Want CNET to notify you of price drops and the latest stories?
No, thank you

Alliance takes security call to boardroom

The White House cybersecurity adviser, the Big Four accounting firms and two tech industry groups band together to educate top management about data security.

Two information technology groups have teamed with the four largest accounting firms to hash out guidelines and best practices that they say executives need in order to secure their companies.

TechNet, a lobbying group of more than 150 information technology companies, said Tuesday that it would work with the Internet Security Alliance to create the guidelines in the next six months.

"We are really trying to answer the challenge that the government gave us," said Rick White, president and CEO of the technology-industry lobby TechNet. "We think that with these three groups--the government, the industry and the tech community--bringing their efforts to bear, we can really make this work."

President George W. Bush in February 2003 said the United States government would not regulate technology companies, but rather would promote cooperation between the industry and the government to secure infrastructure.

The two technology groups will use the expertise of the four large accounting firms--KPMG, PricewaterhouseCoopers (whose consulting arm is now part of IBM), Deloitte & Touche and Earnst & Young--to help create the guidelines. The starting point will be a top-10 list of security steps for executives that the Internet Security Alliance has already created.

"We wanted to aim at the top because we believe that at the top, with boardroom involvement and (policy) trickling down, we can get the best results," said John Shaughnessy, vice chairman of the Internet Security Alliance and senior vice president for security and fraud protection at Visa International.

The groups plan to release the guidelines and then to set a date by which its membership should comply with the security steps.

"The question kept being asked: 'Is anyone really going to do something?'" said Howard Schmidt, the White House cybersecurity advisor. He pointed out that hardware and software makers have already started to tighten up their products' security and that infrastructure companies are identifying their weaknesses.

More needs to be done, he stressed. "Time is of the essence. We have not been able to get people on board quickly."

The United States government continues to eschew regulations as a solution to the security problem, said Schmidt. Companies that don't follow best security practices will answer to the markets, not the government, he said.

"There will not be sanctions," he said. "The sanctions will be that consumers won't buy their products or services."

TechNet's White said he thinks the approach will work.

"Our hope here is to shame the industry into creating a higher level of security," he said. He added that "shame" might be a bit strong of a word, but that security groups' efforts have paid off.

"I think there is a certain sense of urgency here."