Software group has security framework

Information Security Governance: Toward a Framework for Action

The Business Software Alliance's Information Security Governance Task Force released its security management framework today.

The document, titled "Information Security Governance: Toward a Framework for Action," is meant to help companies comply with federal laws and alleviate increased consumer security concerns. It is modeled after the structure outlined for government agencies in the Federal Information Security Management Act of 2002. The framework breaks down business drivers, roles and responsibilities and metrics for chief executives, business unit heads, program managers and other managerial personnel.

"Information security is not just a technical issue that can be addressed by the CIO," said Bill Conner, chief executive officer, chairman and president of Entrust Inc., and cochairman of the task force. "It is a corporate governance issue that must be addressed by CEOs and boards of directors."

Companies' need for a governance structure is particularly strong right now, with a number of federal regulations and laws in place requiring security and privacy measures, according to BSA. These include the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act, which respectively focus on the health care and financial services industries.

The Bush administration, through the Homeland Security Department's Information Analysis and Infrastructure Protection Directorate, has launched a major push encouraging the private sector to increase its security capabilities. The National Infrastructure Advisory Council will meet next week to discuss industrywide efforts, including guidelines for disclosing vulnerabilities and best practices for sharing and analyzing incident information.
