Businesses Promise Security Plan By March 1.
By Kevin Murphy
Four major business associations came out of the National Cyber Security Summit this week with a roadmap, working groups, a work plan, and a promise to have "initial deliverables" to present to corporate America by March 1 2004. The National Cyber Security Summit Alliance, as the group is called, comprises the US Chamber of Commerce, the Business Software Alliance, the Information Technology Association of America and TechNet. Under guidance from the CERT US, a program of the US Department of Homeland Security and Carnegie Mellon University, the Alliance members have formed five working groups, each to study a piece of the security puzzle not adequately addressed. One group will look at awareness-raising. It will try to figure out how to teach internet users from individuals to large enterprises and government agencies how important it is to take care of their own security for the benefit of all. Another group will attempt to identify how to better and more quickly disseminate information relating to security issues such as threats, vulnerabilities and incidents, and to create a "common lexicon" to do this. The third will look at defining the role of the chief security officer in corporate governance.
The fourth will try to figure out ways to improve the Common Criteria, a security seal program administered in the US by the National Institute of Standards and Technology. The fifth and possibly most important working group will get into the nitty-gritty of how to actually secure the software that hypothetical cyberterrorists would exploit. It will try to figure out "how to achieve meaningful and measurable vulnerability reductions". Microsoft is leading this group through chief security strategist Scott Charney, along with Ron Moritz, head of Computer Associates International Inc's security products, and Catherine Allen, CEO of the Banking Industry Technology Secretariat. This group will focus on "collaborative standards, tools, and measures for software, new tools and methods for rapid patch deployment, and best practice adoption" as well as how to better build security into software from the ground up in future. Since the Bush administration released its National Strategy to Secure Cyberspace back in February there has been a lot of talk about how to implement it, more calls to action than can be easily counted, and not a great deal of concrete activity. The Strategy was seen by some as vague.
Indeed, many specific propositions contained in earlier drafts were reportedly eschewed at the request of an industry hesitant of being forced to do anything. It seems now the threat of legislation has kick-started things. At the summit on Wednesday, Robert Liscouski, DHS assistant secretary, told an audience of senior executives: "There are a lot of people out there willing to legislate how you should be doing your work. If that's what you want, that's what you'll get." Indeed, there is a piece of draft legislation doing the rounds that would require companies to disclose their security status in Securities and Exchange Commission filings, much the same way they had to report Y2K compliance in the late 1990s. The new Alliance working groups seem to be the first significant step towards fending off that threat by creating some public-private partnership self-regulation. The work is expected to continue beyond the initial deliverables deadline of March.