Task Force Issues Network-Security Guidelines | eWeek

Task Force Issues Network-Security Guidelines

Écrit par
Caron Carlson
Caron Carlson
Apr 12, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

WASHINGTON—In an ongoing effort to avoid legislation that would mandate more strict cyber-security practices, a task force of companies working with the government issued a set of guidelines Monday encouraging corporate leaders to take responsibility for network security.

Because the private sector operates most of the countrys cyber-infrastructure, the government so far has refrained from imposing broad-based laws regulating network security. Only sector-specific privacy laws, such as those covering the financial and health-care industries, have been implemented.

But as network risks proliferate, policy-makers increasingly worry that the private sector is not doing enough to safeguard its own networks.

The recommendations issued Monday by the corporate governance task force of the National Cyber Security Partnership trace guidelines established previously. The task force set forth a security governance framework, including network-assessment tools, and recommended that companies adopting the guidelines state their intentions on their Web sites.

The task force says companies should conduct periodic risk assessments, assign explicit individual roles in security management structures and use best-practices guidance such as the ISO 17799 to measure their security performance. CEOs also should conduct annual security evaluations, it said.

“A lot of this is common sense. We didnt reinvent the wheel,” said Arthur Coviello, CEO and president of RSA Security Inc., who co-chaired the task force with William Conner, chairman, CEO and president of Entrust Inc.

/zimages/5/28571.gifNetwork security has a lot of growing up to do, guest commentator Abe Kleinfeld writes.Click hereto read more.

The task force also recommended that the Department of Homeland Security endorse the framework and encourage companies to make security a part of corporate governance.

But Amit Yoran, director of the National Cyber Security Division at DHS, would not say whether the agency plans to follow the recommendations.

Coviello said chief executives today have a duty to incorporate information security into their jobs.

“I am a CEO, and I do view this as my fiduciary responsibility,” Coviello said. When asked whether defining network security as a fiduciary duty could leave companies liable in the event of a security breach, Coviello said plaintiffs attorneys would be the least of a companys problems in the event of a major network breach.

/zimages/5/28571.gifCheck outeWEEK.coms Security Centerat http://security.eweek.com for security news, views and analysis. Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:/zimages/5/19420.gifhttp://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.