Online Security, a global provider of computer forensics and information technology risk mitigation since 1997

 

Original Source: http://story.news.yahoo.com/news?tmpl=story&u=/nm/20040412/tc_nm/tech_security_dc

Senior Execs Must Tackle Cyber-Security, U.S. Report Says
Author: Andy Sullivan

WASHINGTON (Reuters) - Corporate chieftains must take responsibility for their computer networks to secure them from viruses, worms and other online attacks, an industry task force said on Monday.

Long the domain of network administrators, computer security must command the attention of those in the boardroom as well, said the task force, which developed its report under the guidance of the Department of Homeland Security.


"Executives must make information security an integral part of core business operations," the task force said. "There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance."

Online attacks can clog computer networks, knock vital Web sites offline and expose customer records to prying eyes. Viruses and worms like SoBig and Slammer have cost businesses billions of dollars in lost productivity.


The U.S. government released a strategy last year to improve the security of the nation's computer networks, but it contained few hard-and-fast rules for the private companies that control 85 percent of the Internet.


Instead, industry officials working with the Department of Homeland Security have released a flurry of reports this spring outlining voluntary ways that companies can improve security.


The task force presented a framework companies can use to assess their exposure, based on plans developed by the U.S. government and an international standards organization.


CEOs should examine their networks annually and present their findings to the board of directors, the report said.


The framework should help executives measure their progress on computer security and pinpoint areas of high risk, task force members said.


"What is coming out of this body of work is the distillation of eight and a half feet of reports stacked on top of each other into something a board and an executive can get their head around," said Entrust Inc. CEO Bill Conner, a task force co-chair.


"A lot of it is common sense. We did not reinvent the wheel here," said RSA Security Inc. CEO Art Coviello, another task force co-chair.


Orson Swindle, a commissioner with the Federal Trade Commission who has been active on cyber-security matters, said companies that don't take steps to improve their security might quickly stand out in an unfavorable light.


"I think you'll see industry join this because you'll become famous if you don't," said Swindle, who noted that most businesses have voluntarily adopted consumer privacy protections rather than wait for government regulation.