PC security audits for businesses? | CNET News.com: "PC security audits for businesses?
Last modified: November 6, 2003, 12:28 PM PST
By Declan McCullagh
Staff Writer, CNET News.com
Publicly traded U.S. corporations would have to certify that they have conducted an annual computer security audit, according to a draft of long-awaited legislation the U.S. House of Representatives is preparing.
The audit must be conducted by an independent party and assess 'the risk and magnitude of the harm that could result from the unauthorized access,' alteration or destruction of company computers, says the draft, prepared by Rep. Adam Putnam, R-Fla. Putnam is chairman of a House technology subcommittee.
'Given the magnitude of the threat and the depth of the vulnerabilities that exist today, it is imperative that we address this matter aggressively and collaboratively in order to enhance the protection of the nation's information networks on behalf of the American people and the U.S. economy,' Putnam said in a statement this week. He warned that the Federal Information Security Management Act established detailed security regulations for agencies to follow, but private companies have no such obligations."