Software group has security framework

Information Security Governance: Toward a Framework for Action

The Business Software Alliance's Information Security Governance Task Force released its security management framework today.

The document, titled "Information Security Governance: Toward a Framework for Action," is meant to help companies comply with federal laws and alleviate increased consumer security concerns. It is modeled after the structure outlined for government agencies in the Federal Information Security Management Act of 2002. The framework breaks down business drivers, roles and responsibilities and metrics for chief executives, business unit heads, program managers and other managerial personnel.

"Information security is not just a technical issue that can be addressed by the CIO," said Bill Conner, chief executive officer, chairman and president of Entrust Inc., and cochairman of the task force. "It is a corporate governance issue that must be addressed by CEOs and boards of directors."

Companies' need for a governance structure is particularly strong right now, with a number of federal regulations and laws in place requiring security and privacy measures, according to BSA. These include the Health Insurance Privacy and Accountability Act and the Gramm-Leach-Bliley Act, which respectively focus on the health care and financial services industries.

The Bush administration, through the Homeland Security Department's Information Analysis and Infrastructure Protection Directorate, has launched a major push encouraging the private sector to increase its security capabilities. The National Infrastructure Advisory Council will meet next week to discuss industrywide efforts, including guidelines for disclosing vulnerabilities and best practices for sharing and analyzing incident information.
