Group suggests corporate auditors for cybersecurity

Corporations should hire cybersecurity auditors to examine their information systems just as they pay auditors to scrutinize their financial records, a task force of corporate and academic experts recommended in a report released today.

Security audits conducted annually would help corporations carry out what is already a fiduciary responsibility, said Arthur Coviello, a co-chairman of the task force and chief executive officer of RSA Security Inc., an information security company.

If CEOs were to hire auditing companies to perform annual computer and information security audits, accounting firms could gain substantial new business, a fact not highlighted in the report. But security-auditing standards would need to be updated, task force members said.

In the report prepared for the Homeland Security Department, the group proposed expanded roles for CEOs and corporate governing boards in strengthening the nation's cybersecurity defenses. But it stopped short of recommending government-imposed mandates on businesses.

Corporate governance matters to the nation's cybersecurity defenses because about 85 percent of the nation's critical infrastructure, such as power, water and sewage treatment facilities, is controlled by computer systems owned and managed by private businesses.

But the guidelines proposed for corporate governance are applicable to all organizations, including nonprofit and government agencies, said Amit Yoran, director of DHS' National Cyber Security Division.

One of the recommendations of the task force was that companies should use their corporate Web sites to publicize the fact that they conduct annual security audits.

In a statement issued today, Rep. Adam Putnam (R-Fla.), one of Capitol Hill's most avid information-security watchdogs, said he is "pleased that the corporate governance task force has identified IT security as an integral business matter that should be evaluated...at the highest level of management and in corporate board rooms."

Putnam, chairman of the House Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee, has not said what legislative steps, if any, he will take in response to the recommendations in this and other recent reports on corporate cybersecurity.
