Report urges companies to adopt management framework for information security
The Corporate Governance Task Force of the National Cyber Security Partnership last week issued a management framework and call to action to industry, nonprofit organizations, and educational institutions, challenging them to integrate information-security programs into processes for corporate governance.
As described by Robert Holleyman, president and CEO of the Business Software Alliance, a member of the partnership, security isn't just a technical issue but an executive-management challenge. The report, "Information Security Governance: A Call To Action" offers five recommendations toward this end that focus on CEO and board involvement in committing to and publicizing their commitment to the information-security-gov- ernance framework.
In some ways, information-security governance has always been an executive concern, given the related financial responsibilities faced by CEOs, says Howard Hantman, director of corporate information security at RSA Security Inc. "But to make those meaningful," he says, "you have to have information-security controls as well."
While some companies already operate according to the proposed management framework, Hantman says for many, this will be a wake-up call.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.