Cyber Security Industry Alliance Newsletter • Volume 2, Number 5 • January 2006

Executive Director’s Message

2006 is but a half month old and we have already seen two significant data breaches. There has also been an early flurry of Hill activity: the Abramoff scandal, Supreme Court hearings, and USA Patriot Act debates for starters. With the returning 109th Congress clearly focused on upcoming elections and this legislative landscape of conflicting priorities, CSIA has kicked into high gear, confident that security issues are voter issues.

CSIA’s December 2005 National Agenda for Information Security identifies 13 specific actions required to improve information security for consumers, industry and governments globally. It is our 2006 roadmap.

One of CSIA's first action items for 2006 is to host the Data Integrity Summit on January 18 in Washington, DC. According to the American Record Management Association (ARMA), more than 90% of all business records today are electronic, posing business, financial, legal, and operational risks.

The Summit’s goal is to spark corporate executives, inside counsel and law firms to begin thinking — proactively — about data security issues. To frame the discussion, we pose probing questions. Could your company withstand a data integrity challenge? In the midst of a legal dispute? Could your data integrity practices make you liable for breaches? Do your senior executives understand their fiduciary obligations for ensuring the integrity of electronic records?

We hope this program will illustrate the consequences of failing to include security measures in any business model and instigate businesses to begin incorporating security measures into their strategic planning.

CSIA continues its efforts in the fight against spyware. On February 9, we join the Anti-Spyware Coalition (ASC) and Federal Trade Commission Chairman Deborah Platt Majoras in the first public spyware workshop. CSIA has formally endorsed the ASC’s Risk Model Description that helps provide transparency in how anti-spyware companies evaluate software applications.

Our Second Annual Town Hall meeting, to be held on February 15 in conjunction with RSA 2006, will be an executive-level dialogue on creating efficient and effective government and private sector information security policies and practices. On the same day, I'll have the honor of announcing the RSA Conference 2006 Excellence in Public Policy Award winner. This is the second year CSIA cosponsors this award.

Spyware and data breach issues are just the tip of the iceberg. Last year, CSIA encouraged Congress and the Administration to raise the profile of information security; improve information sharing, threat analysis, and contingency planning; and to prioritize and fund research and development. We continue to encourage Congress and the Administration to follow through on these initiatives. CSIA is working with our industry colleagues, and we are prepared to work with Congress and the Administration as we move these agenda items forward in 2006.