Putnam seeks industry emphasis on info security

If companies don't incorporate information security best practices into their planning and management, the House of Representatives' technology leader says he will try to make them do it.

"While I would clearly prefer an option that did not require a legislative initiative to address this matter as a management issue and incorporate fundamental 'best practices' into information security planning, I have prepared a draft bill that would require an annual information security risk assessment by publicly traded companies," Rep. Adam Putnam (R-Fla.) wrote in an Oct. 30 letter to the Information Technology Association of America.

Putnam, chairman of the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census subcommittee, outlined his concern that companies are treating security as just a technology issue and not a corporate one. The Federal Information Security Management Act (FISMA) of 2002 fostered an emphasis on best practices at federal agencies, but there is no similar across-the-board oversight for the private sector.

The draft Corporate Information Security Accountability Act has gone through several experts in the private sector and, so far, has received positive responses and suggestions, Putnam said. In addition, however, he has organized a working group to work with the subcommittee staff on the draft and to look at potential alternatives to legislation.

The Business Software Alliance last month released a white paper with the beginnings of a security governance framework for the private sector, drawing from FISMA and other security guidance. Officials are hoping to expand on that framework, working with other industry organizations.

Featured

  • Federal 100 Awards
    Federal 100 logo

    Fed 100 nominations are now open

    Help us identify this year's outstanding individuals in federal IT.

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.