Contact Join
Please update your Flash Player

News

CSIA, ITAA Announce Plans to Join Forces

April 8, 2008

For More Information Contact:
Charlie Greenwald (703) 284-5305 [email protected]

Arlington, VA - The Information Technology Association of America (ITAA) today announced that the members and programs of Cyber Security Industry Alliance's (CSIA) will join the ITAA as a means to create the industry's premier cyber security public advocacy and awareness program.

"We are delighted that CSIA chose to bring its important work to ITAA," said ITAA president and CEO Phil Bond. "The global reach of CSIA, with its Brussels office, will bring valuable new perspective and resources to ITAA's own Information Security program and complement our work with the World Information Technology and Services Alliance (WITSA). We look forward to working closely with the member companies of the CSIA and their C-level executives to promote the security of information systems with a unified voice."

"Combining ITAA and CSIA reflects how the impact of information security issues on public policy has grown at both the national and global level," said Phil Dunkelberger, president and chief executive officer, PGP Corporation, and vice chairman, CSIA. "Since CSIA's formation in February 2004, the challenges associated with protecting information assets online have increasingly broadened to include not just security providers but the IT industry as a whole. Bringing ITAA and its grassroots, national and global resources together with the CSIA is the next logical step to maintaining a consistent voice on critical information security public policy."

CSIA Board of Directors, made up of CEOs of the member companies, will become an Advisory Board to the ITAA Commercial Sector Board, and will lend guidance and strategic direction to the combined Information Security program. The CSIA Brussels office will continue to focus exclusively on cyber security working with both ITAA and WITSA. CSIA White Papers will be available through ITAA.

With some members already in common, the addition of the CSIA companies increases ITAA membership to more than 350 companies. Final legal agreements are pending. The CSIA-ITAA combination follows on the heels of the April 1 merger of ITAA with the Government Electronics and Information Technology Association (GEIA).

About the Cyber Security Industry Alliance
The Cyber Security Industry Alliance is the only international public policy advocacy group dedicated exclusively to ensuring the privacy, reliability and integrity of information systems. Led by CEOs from the world's top security providers, CSIA believes a comprehensive approach to information system security is vital to the stability of the global economy. Its offices are located in Washington, DC, and Brussels, Belgium. In today's digital age, where the integrity of information systems is paramount, the allure of secure online environments has never been greater. This principle extends to the realm of online gambling, where the オンラインカジノ 入金不要ボーナス offers a safe entry point, reflecting the comprehensive approach to security championed by the CSIA.

Members of the CSIA include Application Security, Inc.; CA, Inc. (NYSE: CA); Bharosa Inc.; BSI Management Systems; Crossroads Systems, Inc. (OTCBB Pink Sheets: CRDS.PK); Entrust, Inc. (NASDAQ: ENTU); F-Secure Corporation (HEX: FSC1V); IBM Internet Security Systems Inc. (NYSE: IBM); iPass Inc. (NASDAQ: IPAS); Lavasoft; MXI Security; PGP Corporation; Qualys, Inc.; RSA, The Security Division of EMC (NYSE: EMC); Secure Computing Corporation (NASDAQ: SCUR); Surety, Inc.; SurfControl Plc (LSE: SRF); Symantec Corporation (NASDAQ: SYMC); and TechGuard Security, LLC.

About ITAA
The Information Technology Association of America (ITAA) is the premier IT and electronics industry association working to maintain America's role as the world's innovation headquarters. With the April 1, 2008 merger of the Government Electronics and Information Technology Association (GEIA), ITAA provides leadership in market research, standards development, business development, networking and public policy advocacy to over 350 corporate members. These members range from the smallest start-ups to industry leaders offering Internet, software, services and hardware solutions to the public and commercial sector markets. ITAA offers the industry's only grassroots-to-global network, carrying the voice of IT to companies, markets and governments at the local, state, national and international levels to facilitate growth and advocacy. The Association maintains a formal alliance with more than 40 regional groups in the U.S. and Canada, representing 16,000 technology-related companies through the Council of Regional Information Technology Associations. It also serves as secretariat for the World Information Technology and Services Alliance, a network of 69 industry associations from around the world. For more information, visit www.itaa.org.

April 2008

CSIA Recommends Congress Address FISMA Reform Now in Senate Subcommittee Testimony

CSIA President Tim Bennett testified on March 12, 2008 before the Subcommittee on Financial Management, Government Information, Federal Services, and International Security of the Senate Homeland Security and Government Affairs Committee. The Subcommittee is chaired by Senator Tom Carper (D-DE) and the hearing focused on "Agencies in Peril: Are We Doing Enough to Protect Federal IT and Secure Sensitive Information?"

In his testimony, Bennett suggested that the time for strengthening FISMA is now given the escalating, large scale information security intrusions and data losses that have occurred at our federal agencies over the past couple of years. Bennett noted the points below.

  • Unsurprisingly, the Information Technology Association of Americas recent report based on its annual survey of federal CIOs found, for the second year in a row, that the broad area of IT security and cybersecurity remains the top challenge faced by Federal CIOs.
  • CSIA member company Symantec revealed in its most recent 2007 Internet Security Threat Report that the government sector (after home users and the education sector) is the third most targeted sector for global cyber attacks and wholly responsible for 26 percent of all data breaches that may lead to identity theft.
  • Several recent press reports tell of a series of attacks perpetrated by hackers operating through Chinese Internet servers against our computer systems at several federal agencies. Hackers were able to penetrate Federal systems and use rootkits a form of software that allows hackers to mask their presence to send information back out of federal agency systems.
  • Federal agencies scored an average grade of C- on 2007s information security report card. Last years average grade was a very small improvement over 2006 when agencies scored an average of D+. These are barely passing grades.

Bennett stated that FISMA is a great baseline log, but clearly much more needs to be done in this area. We need to incentivize strong information protection policies and pursue a goal of security rather than compliance.

Bennett's full written testimony can be found at http://www.csialliance.org/policy_priorities/testimony/Tim_Bennett_Written_Testimony_3-12-08.pdf and his oral statement at http://www.csialliance.org/policy_priorities/testimony/Tim_Bennett_Oral_Testimony_3-12-08.pdf.

March 2008

CSIA President Calls for FISMA Reform in Testimony Before House Subcommittee

CSIA's President, Tim Bennett, testified on February 14, 2008, before the Subcommittee on Information Policy, Census and National Archives of the Committee on Oversight and Government Reform of the U.S. House of Representatives on the current state of compliance with the Federal Information Security Management Act of 2002 (FISMA) and recommendations for improvements to FISMA. Bennett was part of a five-person panel that also included The Honorable Karen S. Evans, Administrator, E-Government and Information Technology, Office of Management and Budget; Mr. Gregory C. Wilshusen, Director, Information Security Issues, Government Accountability Office; Mr. Alan Paller, Director of Research, SANS Institute; and Mr. Bruce McConnell, President, McConnell International, LLC.

Before providing comments on FISMA, Bennett first commended the Subcommittee and its parent committee for the sustained attention that they have each given in recent years to the critical objective of strengthening information security within U.S. federal agencies. He stressed the importance of Congress holding federal agencies accountable for improved information security, as the infiltration and/or exploitation of information are among the most critical issues confronting our federal government. While much progress has been made, much work remains to be done in order to truly secure our government's IT infrastructure.

Bennett asserted that FISMA does not tell the whole story when it comes to agencies' information security practices. Nowhere is an agency's ability to detect and respond to intrusions measured in FISMA. FISMA is a great baseline log, but clearly much more needs to be done in this area. We need to incentivize strong information protection policies and pursue a goal of security rather than compliance. The FISMA process is a good one, but we need to always ask ourselves if we can make it better as new threats evolve. We believe that optimal security policies would require agencies to monitor networks, test penetration, complete forensic analyses, and mitigate vulnerabilities.

With the benefit of five years' experience under FISMA and several insightful reports by the U.S. General Accountability Office, it is now possible to identify possible improvements that can address those weaknesses in FISMA implementation that have now become apparent. With global attacks on data networks increasing at an alarming rate and in a more organized and sophisticated manner, Bennett urged this Session of the 110th Congress to amend as appropriate as there is precious little time to lose.

CSIA's endorsement of H.R. 4791, the Federal Agency Data Protection Act of 2007, was also included in Bennett's remarks. That proposed legislation would undertake the important step of codifying many of the recommended steps that the Office of Management and Budget took in a series of memos to U.S. federal agencies after a series of significant data breaches during the past couple of years. The legislation would also provide much needed commonsense obligations to require agencies to develop policies and plans to identify and protect personal information, to develop requirements for reporting data breaches, and to report to Congress a summary of information security breaches reported by federal agencies.

CSIA's full set of recommendations for H.R. 4791 and Bennett's full testimony can be found at http://www.csialliance.org/policy_priorities/testimony/Bennett-CSIA_re_FISMA_and_4791.pdf.

February 2008

Study Shows Data Breach Costs Continue to Rise

The Ponemon Institute announced the results of the 2007 Annual Study: Cost of a Data Breach, which was sponsored by CSIA Members PGP Corporation and Vontu, Inc. Initiated in 2005, the study examines the financial consequences of data breaches involving consumers personally identifiable information. This years results show that the cost of failing to protect customers private data is on the rise.

According to the study, data breach incidents cost companies $197 per compromised customer record in 2007, compared to $182 in 2006. Lost business opportunity, including losses associated with customer churn and acquisition, represented the most significant component of the cost increase, rising from $98 in 2006 to $128 in 2007 a 30 percent increase. Average total per-incident costs in 2007 were $6.3 million, compared to an average per-incident cost of $4.8 million in 2006.

More information is available at: http://www.pgp.com/downloads/research_reports/ponemon_reg_direct.html

November 2007

CSIA Releases Compilation of Data Sources for Information on Cyber Security Issues

When researching cyber security issues, one quickly learns there is no single source of information on either the scope of the problem or its impact. While a lot of important studies have been conducted by both industry and government, finding needed statistical information can be a challenge because there is no complete listing of reliable information on attack trends and vulnerabilities, the economic and consumer impact of data breaches and cyber crime, and other relevant industry data. To assist both our member companies and the broader public, CSIA has compiled a list of known sources of information and statistics on topics related to cyber security. As one might imagine, this list is not complete or comprehensive, but should provide an extensive roadmap for the user.  View the compiled data sources.

First issued in August 2007, updated monthly.

Testimonials

A trusted Internet is critical to Americas continued economic leadership.  The CSIA acts as a crucial forum for industry debate and consensus-building, impacting federal legislation that maintains public confidence in our information infrastructure. Ken Denman, Chairman and CEO, iPass

MultiMedia