IT Security Providers Lobby for Incentives | eWeek

IT Security Providers Lobby for Incentives

Écrit par
Caron Carlson
Caron Carlson
Apr 19, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

The U.S. government does not need to mandate IT security audit reporting because corporate America will adopt best practices voluntarily, industry lobbyists promised. But they said Congress could encourage the process by providing incentives, such as limited liability for security breaches, tax breaks for buying qualified products and an antitrust exemption for group boycotts of uncertified goods.

A broad cross-section of U.S. businesses have asked Congress to be allowed to establish security specification agreements for software and hardware purchases.

In a recommendation delivered to the House technology subcommittee, several industry groups are seeking an exemption from antitrust laws if they jointly refuse to purchase uncertified products.

The proposal, part of a set of recommendations covering a broad range of cyber-security practices meant to deflect the possibility of new regulations, was not received favorably by IT security providers.

“Im not sure if that necessarily works,” Art Coviello, president and CEO of RSA Security Inc., of Bedford, Mass., told eWEEK. “All businesses have different requirements. And, quite frankly, they might not be qualified [to establish standards].”

Fragmenting security standards on an industry-specific basis could be counterproductive, said Bill Conner, chairman, president and CEO of Entrust Inc., of Addison, Texas.

“To the extent that you start getting industry-specific, youre working against yourself. We need a common framework that we can all measure to,” Conner said. “As a supplier, you cant create eight different levels.”

The antitrust exemption and other recommendations were delivered to Rep. Adam Putnam, R-Fla., who chairs the technology subcommittee. Last year, Putnam drafted legislation that would require publicly traded companies to file an information security status report as part of their yearly Securities and Exchange Commission filing. He postponed introducing the bill, however, and convened a Corporate Information Security Working Group to find alternative ideas.

The working group concluded that traditional regulations wont be effective when it comes to network security because national laws dont address the international nature of cyberspace. In addition, public disclosure of security problems could guide terrorists in their work, the group told Putnam. Instead of the “stick” of traditional government mandates, the industry is urging Congress to provide the “carrots.”

Limiting liability for security breaches or providing safe-harbor protections could encourage the insurance industry to offer cyber-risk insurance—something that isnt widely offered today because the potential costs are considered too high. Increasing the availability and use of insurance would, in turn, encourage more companies to adopt best practices in order to receive favorable insurance rates.

The working group also suggested economic incentives for IT security investments, but it is widely agreed that the proposal would face a tough battle in the current budgetary climate.

/zimages/4/28571.gifCheck outeWEEK.coms Security Centerat http://security.eweek.com for security news, views and analysis. Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:/zimages/4/19420.gifhttp://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.