[Full-Disclosure] Corporate Information Security Accountability Act of 2003

Paul Tinsley pdt at jackhammer.org
Mon Nov 3 20:51:40 GMT 2003


Sorry if this has been discussed already, but I figured many of you 
would find this interesting and possibly disturbing.

http://www.computerworld.com/securitytopics/security/story/0,10801,86455,00.html?nas=PM-86455

October 27, 2003
New Law Would Require Computer Security Audits & Status Reports

Computerworld reports new legislation being drafted by Congress
would require all publicly traded companies to conduct independent
computer security assessments and report the results yearly in their
annual reports. Known as the Corporate Information Security
Accountability Act of 2003, the bill is being sponsored by Rep. Adam
Putnam (R-FL), chairman of the House Subcommittee on Technology,
Information Policy, Intergovernmental Relations, and the Census. The
bill would require companies to inventory their critical IT assets;
provide an annual risk assessment; spell out their risk mitigation,
incident response and business continuity plans; lay out company
policies and procedures for reducing security risks to an acceptable
level; and detail tests of the company's security controls and
techniques to ensure their effectiveness.

Full-Disclosure is hosted and sponsored by Secunia.