Full Disclosure mailing list archives
Corporate Information Security Accountability Act of 2003
From: Paul Tinsley <pdt () jackhammer org>
Date: Mon, 03 Nov 2003 14:51:40 -0600
Sorry if this has been discussed already, but I figured many of you would find this interesting and possibly disturbing.
http://www.computerworld.com/securitytopics/security/story/0,10801,86455,00.html?nas=PM-86455

October 27, 2003

New Law Would Require Computer Security Audits & Status Reports

Computerworld reports new legislation being drafted by Congress would require all publicly-traded companies to conduct independent computer security assessments and report the results yearly in their annual reports. Known as the Corporate Information Security Accountability Act of 2003, the bill is being sponsored by Rep. Adam Putnam, (R-FL), chairman of the House Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census.

The bill would require companies to inventory their critical IT assets; provide an annual risk assessment; spell out their risk mitigation, incident response and business continuity plans; lay out company policies and procedures for reducing security risks to an acceptable level; and detail tests of the company's security controls and techniques to ensure their effectiveness.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html