Business & Finance
04:36 PM
Connect Directly

Secure Partnership

Report urges companies to adopt management framework for information security

The Corporate Governance Task Force of the National Cyber Security Partnership last week issued a management framework and call to action to industry, nonprofit organizations, and educational institutions, challenging them to integrate information-security programs into processes for corporate governance.

As described by Robert Holleyman, president and CEO of the Business Software Alliance, a member of the partnership, security isn't just a technical issue but an executive-management challenge. The report, "Information Security Governance: A Call To Action" offers five recommendations toward this end that focus on CEO and board involvement in committing to and publicizing their commitment to the information-security-gov- ernance framework.

In some ways, information-security governance has always been an executive concern, given the related financial responsibilities faced by CEOs, says Howard Hantman, director of corporate information security at RSA Security Inc. "But to make those meaningful," he says, "you have to have information-security controls as well."

While some companies already operate according to the proposed management framework, Hantman says for many, this will be a wake-up call.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
Increasing IT Agility and Speed To Drive Business Growth
Learn about the steps you'll need to take to transform your IT operation and culture into an agile organization that supports business-driving initiatives.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.