South-Western - Management  
A Need for Greater Cybersecurity
Topic Control
Key Words Control, cybersecurity
News Story

A 37-member task force has produced a report on cybersecurity as part of an industry partnership with the Homeland Security Department. Its goal was to address computer breaches that have cost businesses and consumers billions of dollars.

The report stated that senior executives have ignored computer security or left it to their technology officers, who might not have the clout or inclination to make necessary changes. Chief executives of U.S. corporations and their boards of directors should assume direct responsibility for securing the networks and should be required to certify their cybersecurity measures, as they are now required to do for financial statements.

The report further recommends that auditing firms examine cybersecurity readiness when certifying that companies have adequate internal and financial controls. Internal control must take into account cybersecurity. If this occurs, government regulations will not be necessary to insure compliance. This would require major auditing firms to agree on guidelines for cybersecurity controls.

The recommendations require chief executives to order annual security evaluations and to report the results to their boards of directors. It also asks companies to certify on their websites that they have adopted the guidelines from the task force.

Questions
1.

The task force recommended that auditing firms examine cybersecurity readiness when certifying that companies have adequate internal and financial controls. Do you agree that this is an effective plan? Why or why not?

2.

Do you believe cybersecurity should be legislated to insure compliance? Why or why not?

Source "A Need for Greater Cybersecurity," Washington Post April 12, 2004, p. A02.
Instructor Discussion Notes Discussion Notes
These notes are restricted to qualified instructors only. Register for free!

Return to the Control Index

©2004  South-Western.  All Rights Reserved     |