In preparation for next months crucial cyber-security summit in California, a group of high-tech executives last week established a new task force designed to provide the Department of Homeland Security with industry input on security issues.
The Corporate Governance Task Force comprises representatives from high-tech companies and was formed by the DHS, Business Software Alliance, Information Technology Association of America, TechNet and the U.S. Chamber of Commerce.
The task forces main goal is to develop a framework for the creation of best management practices and policies relating to information security.
“Information security governance is one of the most significant issues facing business executives, policy-makers and governments worldwide,” said Bill Conner, CEO of Entrust Inc., in Addison, Texas, and co-chair of the task force.
“As the regulatory landscape continues to evolve around IT security, so does the complexity of compliance,” Conner said. “These are not simply technical issues that can be handed off to CIOs, but corporate governance responsibilities that require the attention of CEOs and boards of directors.”
The group will also help the DHS find the best ways to implement the National Strategy to Secure Cyberspace. Since its release early this year, the strategy has been collecting dust. Developed as a plan for improving the security of the nations public and private networks, the document was dismissed as being too broad and lacking specific ideas.
Part of the reason for the lack of action on the strategy is that DHS cyber-security leadership has been in flux for much of the year. The department recently appointed Amit Yoran, a former Symantec Corp. executive, as head of the National Cyber Security Division in September, and Yoran has been on the job only about two weeks.
The task force will convene at the National Cyber Security Summit Dec. 2-3 in Silicon Valley. The summit is billed as a meeting of the minds for federal, state and local security officials, as well as for industry executives. The goal is to hash out a detailed plan for implementing the national strategy. That plan is likely to include an effort to encourage vendors to reduce the number of vulnerabilities in their software products, as well as discussions about the need for a common vulnerability-reporting process.
During the summit, officials will also work on producing a long-term road map for implementing the national strategy, including specific goals and milestones.