The corporate governance task force of the National Cyber Security Partnership (NCSP) released a management framework Monday challenging companies and institutions to integrate effective information security governance (ISG) programs into their corporate governance processes.
“It is the fiduciary responsibility of senior management in organizations to take reasonable steps to secure their information systems,” said Art Coviello, president and CEO at RSA Security, and co-chair of the corporate governance task force.
“Information security is not just a technology issue, it is also a corporate governance issue. This ‘call-to-action’ is the work of many competing institutions coming together with common purpose — to develop a framework that is easy to understand and still leads to improved security; to develop a tool-set that organizations of all sizes can implement; and to deliver recommendations that will help get this done on a voluntary basis across many sectors of the economy.”
Although information security is often viewed as a technical issue, it is also a governance challenge that involves risk management, reporting and accountability. As such, it requires the active engagement of executive management and boards of directors across all industry sectors and among non-profit organizations and educational institutions, the NCSP said in a statement.
The task force report identifies cyber security roles and responsibilities within corporate management structures. It also references and combines industry-accepted standards and best practices, metrics and tool sets that bring accountability to three key elements of corporate governance programs and information security systems: people, process and technology.
In addition to the recommendations and tool sets contained in the report, the NCSP plans to assist organizations seeking to meet the task force call to action by promoting ISG implementation through an awareness and rollout campaign in the coming months.
“In this era of increased cyber attacks and information security breaches, it is essential that all organizations give information security the focus it requires,” said Amit Yoran, director of the National Cyber Security Division, IAIP, at the Department of Homeland Security.
A full copy of the report can be downloaded here.
The NCSP is led by the Business Software Alliance (BSA), the Information Technology Association of America (ITAA), TechNet and the U.S. Chamber of Commerce in voluntary partnership with academics, CEOs, federal government agencies, and industry experts.
Following the release of the 2003 White House National Strategy to Secure Cyberspace and the National Cyber Security Summit, the NCSP was established to develop shared strategies and programs to better secure and enhance America’s critical information infrastructure. For more information, please visit www.cyberpartnership.org.
This article was compiled and edited by CIO Update staff. Please direct any questions regarding its content to Allen Bernard, Managing Editor.