- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
As the U.S. Congress reconvenes this week after a month-long break, legislation imposing cybersecurity requirements on private industry, including a proposal that would require public companies to report their cybersecurity efforts, may be on the way.
No bill has been introduced yet, but one proposal being considered would require companies to fill out a cybersecurity checklist in their filings with the U.S. Securities and Exchange Commission. Representative Adam Putnam, chairman of the House Government Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, will consider introducing such a bill late this year, according to Bob Dix, the subcommittee's staff director.
While antispam legislation will continue to be the major technology focus in Congress this fall, Putnam's subcommittee is looking at the "pluses and minuses" of a cybersecurity reporting requirement, similar to SEC accounting reporting requirements mandated in the Sarbanes-Oxley Act of 2002, Dix said.
Such a law would raise awareness of cybersecurity issues above the CIO level to CEOs, while likely avoiding specific cybersecurity requirements that may not fit all businesses, said Daniel Burton, vice president of government affairs for security vendor Entrust.
"It does not mandate you must do X, which we all realize is a false start," Burton said of an SEC cybersecurity reporting requirement. "Different companies have different security needs and different risks. So it's impossible to set up a mandate for everyone."
Stockholders and boards of directors could then judge for themselves whether a company is adequately dealing with cybersecurity, Burton said. "Everyone from the board level on down is really going to be focused on what (the cybersecurity reports) are saying," he added.
The bill Putnam is considering wouldn't require companies to lay out specifics about their cybersecurity efforts, Dix said. Instead, it could take the form of a checklist, asking such questions as, "Do you have an up-to-date IT assets list?"
The bill would be intended to raise cybersecurity awareness among top-level executives at companies, Dix added.
If such a bill is introduced, the subcommittee would expect some opposition, Dix said. "My guess is there will be some who say anything that the government proposes is a great burden," he said.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment