Putnam seeks industry emphasis on info security

If companies don't incorporate information security best practices into their planning and management, the House of Representatives' technology leader says he will try to make them do it.

"While I would clearly prefer an option that did not require a legislative initiative to address this matter as a management issue and incorporate fundamental 'best practices' into information security planning, I have prepared a draft bill that would require an annual information security risk assessment by publicly traded companies," Rep. Adam Putnam (R-Fla.) wrote in an Oct. 30 letter to the Information Technology Association of America.

Putnam, chairman of the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census subcommittee, outlined his concern that companies are treating security as just a technology issue and not a corporate one. The Federal Information Security Management Act (FISMA) of 2002 fostered an emphasis on best practices at federal agencies, but there is no similar across-the-board oversight for the private sector.

The draft Corporate Information Security Accountability Act has gone through several experts in the private sector and, so far, has received positive responses and suggestions, Putnam said. In addition, however, he has organized a working group to work with the subcommittee staff on the draft and to look at potential alternatives to legislation.

The Business Software Alliance last month released a white paper with the beginnings of a security governance framework for the private sector, drawing from FISMA and other security guidance. Officials are hoping to expand on that framework, working with other industry organizations.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.