One idea for motivating organizations to do a better job stemming rampant data breaches: give them tax incentives to do so. Patricia Titus, the former CISO at the Transportation Security Administration within the Department of Homeland Security, and current CISO at Unisys Federal Systems, makes the case in this exclusive LastWatchdog guest blog post. Comments are encouraged.



By Patricia Titus

CISO, Unisys Federal Systems

How do we as a nation address the abysmal approach to IT security? Lawmakers have been wrestling with the idea of more regulations, but that may not be enough to encourage better security practices. We already have several regulations that have not gotten us closer to the end zone. I’m in favor of tax incentives for companies that demonstrate effective IT security practices, but this cannot be done without the development of a well-thought-out approach. Critical success factors must be developed in the form of a concise set of performance measures based on standards.

The Department of Commerce has already charged the National Institute of Standards and Technology (NIST) Computer Security Division to develop a set of special publications and guidelines called Federal Information Security Management Act (FISMA). These well-thought-out guidelines, such as the Special Publication 800-53, provide federal government chief information security officers with a standardized approach to effective IT security. Why can’t this same division be charged with creating the same standards for the private sector?

The language in these guidance documents is so slanted toward the federal government that it’s difficult to get corporate executives to see their value. Also, CEOs are cost cutting right now, and implementing a program that may increase operating or capital expenses may not be appealing. However, if the adoption of these security standards were tied to a tax incentive, perhaps the CEO would be willing to spend a few dollars to gain this compensation.

October 13th, 2009 | Guest Blog Post | Obama watch | Steps forward