Software group has security framework

Information Security Governance: Toward a Framework for Action

The Business Software Alliance's Information Security Governance Task Force released its security management framework today.

The document, titled "Information Security Governance: Toward a Framework for Action," is meant to help companies comply with federal laws and alleviate increased consumer security concerns. It is modeled after the structure outlined for government agencies in the Federal Information Security Management Act of 2002. The framework breaks down business drivers, roles and responsibilities and metrics for chief executives, business unit heads, program managers and other managerial personnel.

"Information security is not just a technical issue that can be addressed by the CIO," said Bill Conner, chief executive officer, chairman and president of Entrust Inc., and cochairman of the task force. "It is a corporate governance issue that must be addressed by CEOs and boards of directors."

Companies' need for a governance structure is particularly strong right now with a number of federal regulations and laws in place requiring security and privacy measures, according to BSA. These include the Health Insurance Privacy and Accountability Act and the Graham-Leach-Bliley Act, which respectively focus on the health care and financial services industries.

The Bush administration, through the Homeland Security Department's Information Analysis and Infrastructure Protection Directorate, has launched a major push encouraging the private sector to increase its security capabilities. The National Infrastructure Advisory Council will meet next week to discuss industrywide efforts, including guidelines for disclosing vulnerabilities and best practices for sharing and analyzing incident information.

Featured

  • Social Media
    Editorial credit: pcruciatti / Shutterstock.com

    They took all the tweets and put 'em in a tweet museum

    Twitter cancelled @realdonaldtrump, but the National Archives will bring presidential tweets back via the Trump library website.

  • Workforce
    Avril Haines testifies SSCI Jan. 19, 2021

    Haines looks to restore IC workforce morale

    If confirmed, Avril Haines says that one of her top priorities as the Director of National Intelligence will be "institutional" issues, like renewing public trust in the intelligence community and improving workforce morale.

Stay Connected