Full Disclosure mailing list archives

Corporate Information Security Accountability Act of 2003


From: Paul Tinsley <pdt () jackhammer org>
Date: Mon, 03 Nov 2003 14:51:40 -0600

Sorry if this has been discussed already, but I figured many of you would find this interesting and possibly disturbing.

http://www.computerworld.com/securitytopics/security/story/0,10801,86455,00.html?nas=PM-86455

October 27, 2003

New Law Would Require Computer Security Audits & Status Reports

Computerworld reports new legislation being drafted by Congress would require all publicly-traded companies to conduct independent computer security assessments and report the results yearly in their annual reports. Known as the Corporate Information Security Accountability Act of 2003, the bill is being sponsored by Rep. Adam Putnam (R-FL), chairman of the House Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census. The bill would require companies to inventory their critical IT assets; provide an annual risk assessment; spell out their risk mitigation, incident response and business continuity plans; lay out company policies and procedures for reducing security risks to an acceptable level; and detail tests of the company's security controls and techniques to ensure their effectiveness.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

