Report urges companies to adopt management framework for information security
The Corporate Governance Task Force of the National Cyber Security Partnership last week issued a management framework and call to action to industry, nonprofit organizations, and educational institutions, challenging them to integrate information-security programs into processes for corporate governance.
As described by Robert Holleyman, president and CEO of the Business Software Alliance, a member of the partnership, security isn't just a technical issue but an executive-management challenge. The report, "Information Security Governance: A Call To Action" offers five recommendations toward this end that focus on CEO and board involvement in committing to and publicizing their commitment to the information-security-gov- ernance framework.
In some ways, information-security governance has always been an executive concern, given the related financial responsibilities faced by CEOs, says Howard Hantman, director of corporate information security at RSA Security Inc. "But to make those meaningful," he says, "you have to have information-security controls as well."
While some companies already operate according to the proposed management framework, Hantman says for many, this will be a wake-up call.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.