ISSA Supports Efforts to Recommend Corporate Information Security Governance

Report from Homeland Security Task Force Highlights Need for Executive


Apr 20, 2004, 01:00 ET from ISSA

    OAK CREEK, Wis., April 20 /PRNewswire/ -- The Information Systems Security
 Association (ISSA) today announced support for the initiative taken by the
 Corporate Governance Task Force to create a public-private partnership
 framework for improved information security.  The Task Force, which was
 launched at the National Cyber Security Summit in December 2003 in partnership
 with the U.S. Department of Homeland Security, issued a report last week
 entitled "Information Security Governance: A Call to Action."  Key among the
 report's recommendations was to treat information security as a corporate
 governance issue, assuring a measure of involvement from senior executives and
 board members.
     ISSA, which leads a number of initiatives to promote security education
 and awareness worldwide, was represented on the Corporate Governance Task
 Force by Dave Cullinane, President, and Michael Rasmussen, VP of Standards and
 Public Policy.
     "This report should be reviewed by information security executives and
 professional groups like the Global CSO Council and the ISSA's CISO Executive
 Forum before it is adopted by the DHS," said Cullinane.  "A vetting period
 will help assure that the report fully reflects the issues faced by those
 responsible for corporate security, and it will expand on the great efforts of
 the Corporate Governance Task Force to set this project in motion."
     Information security executives are typically required to comply with a
 number of regulations such as HIPAA, GLBA, and Sarbanes-Oxley.  ISSA works
 with professionals and industry groups to offer guidance that makes these tasks
 more manageable from a business perspective.  In addition to ISSA, top
 security vendors including RSA Security and Entrust (the CEOs of which
 co-chaired the Task Force), as well as key industry groups such as TechNet
 (which served as the secretariat) have shown significant leadership in the
 Corporate Governance Task Force.
     "We hope that the work and commitment demonstrated by the Department of
 Homeland Security and this Task Force drive increased participation in
 information security at all levels of business," said Rasmussen.  "There is
 still additional work to be done to create a framework of guidance with global
 buy-in from top to bottom, but the Corporate Governance Task Force has
 developed an important high-level governance framework that can be implemented
 by organizations of many sizes across various sectors.  ISSA's initiative to
 create Generally Accepted Information Security Principles complements the
 efforts of this Task Force, and we encourage other organizations, corporations
 and end-users to get involved in these initiatives going forward."
     The Generally Accepted Information Security Principles (GAISP) offers a
 comprehensive hierarchy of guidance for a globally consistent, practical
 framework for information security.  Addressing information security
 principles at the executive, management, field and technical levels, the GAISP
 integrates existing industry standards and best practices into a single point
 of reference.
     About the ISSA
     With active participation from individuals and chapters all over the
 world, the Information Systems Security Association (ISSA)® is the largest
 international, not-for-profit association specifically for security
 professionals.  It provides educational forums, publications and peer
 interaction opportunities that enhance knowledge, skill and professional
 growth.  Members include practitioners at all levels of the security field in
 a broad range of industries, such as communications, education, healthcare,
 manufacturing, financial and government.
     The ISSA international board consists of some of the most influential
 people in information security, and association membership exceeds 10,000 in
 nearly 100 different countries.  With an international communications network
 developed throughout the industry, the ISSA is focused on maintaining its
 position as The Global Voice of Information Security.