Entrust Executive Testifies Before U.S. House Subcommittee Hearing on Cyber Security & Consumer Data

"The cyber security threat is real, and there is strong consensus around the steps that industry must take," said Burton.  "It is incumbent on this subcommittee to galvanize industry efforts to protect sensitive consumer and business information. This can only be accomplished by securing the private sector IT systems that control the majority of the nation's critical infrastructure."

Burton recommended the following for enterprises intent on securing their information networks and critical infrastructures:

• A business information security governance framework for risk assessment and reporting with executive management engagement and board oversight is essential. A good governance framework will produce a transparent process that allows management to assign responsibility and make investment decisions to address unacceptable risks.
  
  
• Information security is a very broad topic with seemingly endless detail. Companies should not try to solve the problem all at once. Instead, they should begin with the top-level policy issues.
  
  
• Business information security governance is a continuous improvement program. Like quality, cyber security improvement requires numerous iterative exercises in a continuous journey. Companies should complete one cycle of the program at a high level, report to the Board on their performance, fine-tune their program and begin another cycle with slightly more rigor. Repeated cycles will lead to real improvements.

"Whatever course is taken, the objective should be to encourage companies to treat cyber security as a corporate governance issue that includes business risk assessment and reporting with management accountability," continued Burton.

A full copy of Burton's testimony is available at http://www.entrust.com/news/files/testimony_11_19_03.pdf. Others testifying at today's hearing include: Orson Swindle, Commissioner, Federal Trade Commission; Howard Schmidt, Vice President and Chief Information Security Officer, eBay Inc.; Scott Charney, Chief Trustworthy Computing Strategist, Microsoft Corp.; David Morrow, Managing Principal, Global Security and Privacy Services, EDS; Mary Ann Davidson, Chief Security Officer, Oracle Corp.; Joseph Ansanelli, Chairman and CEO, Vent, Inc.; and Roger Thompson, Vice President of Product Development, PestPatrol.

Entrust's CEO, chairman and president Bill Conner is set to serve as co-chair of the Corporate Governance Task Force that will convene at the upcoming National Cyber Security Summit, a public-private initiative jointly sponsored by the U.S. Department of Homeland Security and members of the high-tech industry. The Summit, hosted by Department of Homeland Security National Cyber Security Division Director Amit Yoran, will be held December 3, 2003 in Silicon Valley, California.   Conner also currently serves as co-chair of the Business Software Alliance's Information Security Governance Task Force, which recently released a management framework and white paper entitled, "Information Security Governance: Toward a Framework for Action".  A full copy of the white paper can be found at https://www.entrust.com/contact/index.cfm?action=wpdownload&tpl=resources&resource=ITgovtaskforce.pdf&id=20935.

For more information about this press release please contact us.

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other Entrust product names and service names are trademarks or registered trademarks of Entrust, Inc or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.