In This Issue

• Executive Director’s Message
• Anti-Spyware Coalition:   Building Consensus in the Fight Against Spyware
• FTC Choicepoint Settlement: A Turning Point for Data Integrity
• Summary of Data Integrity Summit: Legal Implications of IT Security
• Anti-Spyware Public Workshop Defines Problems, Seeks Solutions
• CSIA Events at RSA 2006
• Ari Schwartz Earns the RSA Excellence in Public Policy 2006 Award


• CSIA Town Hall Meeting


• RSA 2006: Master Schedule of CSIA Events
• Global Perspectives
• CSIA Member Spotlight
• About CA, Inc.
  
• Cyber Security Meets Hollywood
• Congressional Spotlight
• About Senator Gordon Smith
  
• U.S. SAFE WEB Act of 2005
• Legislative Update
• CSIA in the News
• Upcoming Events
• Member List
• Archives
• Contact Us

CSIA Member Spotlight

About CA, Inc.

Name: CA, Inc.

CSIA Membership Level:  Charter

Chief Executive Officer and CEO: John Swainson

Founded:  1976

Headquarters:  Islandia, NY

Number of Employees:  15,300

Total Revenue:  $3.5 billion

About CA:  CA, Inc. (CA) is one of the world's largest IT management software providers. Our software and expertise unify and simplify complex IT environments in a secure way across the enterprise for greater business results. CA’s solutions help businesses manage systems, networks, security, storage, applications and databases securely and dynamically. Founded in 1976, CA today is a global company with headquarters in the United States and 150 offices in more than 45 countries. We serve more than 98% of Fortune 1000© companies, as well as government entities, educational institutions and thousands of other companies in diverse industries worldwide.

Areas of Specialization:

Security

• Identity and Access Management
• Threat Management
• Security Information Management
• Mainframe Security

Storage

• Storage Resource Management
• Data Availability
• Storage Optimization
• Mainframe Storage

Business Service Optimization

• Asset Management
• Project and Portfolio Management
• Business Process Management
• Mainframe Resource Management
• Mainframe Business Management

Enterprise Systems Management

• Desktop Management
• Application Management
• Network Management
• Server Management
• Database Management
• Job Optimization
• IT Documentation & Visualization

Mainframe

• Mainframe Security
• Mainframe Storage
• Mainframe Business Service Optimization
• Mainframe Infrastructure Management
• Mainframe Metadata Management

Cyber Security Meets Hollywood

By John T. Sabo, CISSP, Director, Security and Privacy Initiatives

It might take Hollywood-style visual imagery and story-telling to properly communicate the profound challenges facing cyber security in 2006. I’m guessing it would be a sci-fi thriller (unfortunately, not a comedy), and it would require the talent of a Steven Spielberg to pull off.

In a movie, what would our cyber world look like? You know the cliché of a camera shot zooming inside a computer and traveling across fiber, all glowing bits and bytes and landing inside – what? A terrorist cell hacking into financial data, a state-sponsored probe of government system vulnerabilities, a company surreptitiously collecting consumer information without consent, thousands of zombie PC’s carrying out their secret command to attack a commercial Web site, or an inside attacker exploiting poor identity and access controls to steal hundreds of thousands of employee records?

Or would the best image really be a pullback shot, from a single networked transaction back through the almost indescribable complexity of our networked IT infrastructure embedded in nearly every business process, government system, consumer home, car and entertainment device, and in every sector of the global economy? Whether using hundreds of isolated cyber disruptions or a massive network failure, a provocative movie script would paint 2006 as a vision of cyber chaos.

Without doubt, cyber security in 2006 has become incredibly more complex and challenging, with vulnerabilities, threats and risks multiplying almost exponentially, and with very, very high stakes. Its legal, policy, procedural and technical components have become totally intertwined in daily life and business, which makes the job of measurably improving cyber security daunting. But as a security management company and a member of CSIA, CA believes that the challenge must be addressed. Alongside other CSIA members, we have been working hard to improve cyber risk management, bringing our expertise, technical knowledge, and market presence to collectively address key issues such as promoting secure deployment of SCADA, RFID, VoIP, IPv6, and other important technologies.

In the policy arena, CSIA members promote comprehensive data breach and spyware legislation and develop guidance to promote effective enforcement of policies. We understand the danger of superficial band-aid policy "fixes" to IT security problems, and work to educate lawmakers and policy officials. We try to get on the front end of issues and advocate important initiatives such as secure information sharing under HSPD-12 and expanded regional education and awareness efforts.

And finally, we serve as leaders in cross-sector and industry-government initiatives that represent key elements of a comprehensive, global cyber security strategy: committee work and leading projects associated with establishing a new IT Sector Coordinating Council, supporting operational information sharing through the IT-ISAC, and providing time and expertise as part of our input to the Department of Homeland Security as it drafts national critical infrastructure protection and response plans.

CA and the other members of CSIA understand the scope of these challenges and are working hard to address them. This may not make a script for a sci-fi thriller, but it is important work and an important pathway for managing and mitigating cyber security risks in 2006.