Senior Execs Must Tackle Cyber-Security, U.S. Report Says:
"WASHINGTON (Reuters) - Corporate chieftains must take responsibility for their computer networks to secure them from viruses, worms and other online attacks, an industry task force said on Monday.
Long the domain of network administrators, computer security must command the attention of those in the boardroom as well, said the task force, which developed its report under the guidance of the Department of Homeland Security.
'Executives must make information security an integral part of core business operations,' the task force said. 'There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.'
Online attacks can clog computer networks, knock vital Web sites offline and expose customer records to prying eyes. Viruses and worms like SoBig and Slammer have cost businesses billions of dollars in lost productivity.
The U.S. government released a strategy last year to improve the security of the nation's computer networks, but it contained few hard-and-fast rules for the private companies that control 85 percent of the Internet.
Instead, industry officials working with the Department of Homeland Security have released a flurry of reports this spring outlining voluntary ways that companies can improve security.
The task force, led by security companies Entrust Inc. (ENTU.O) and RSA Security Inc. (RSAS.O), presented a framework that executives could use to assess the state of their computer networks, based on internal U.S. government methods and an international quality-assessment standard.
Chief executives need to examine their networks annually and present their findings to the board of directors, the report said.
That process could hold executives accountable for their efforts under a 2002 accounting reform law, the Sarbanes-Oxley Act."