Paul Kurtz notes progress created by Federal Information Security Management Act, cites need for greater uniformity and adoption of international standards such as ISO 27001
Washington D.C. – July 18, 2007 – Neupart A/S, an industry leading information security risk management and awareness company, today posted on its website the transcript of Advisory Board member Paul Kurtz's testimony before a joint subcommittee of the U.S. Congress. Kurtz's testimony provided a review and assessment of the Federal Information Security Management Act (FISMA) of 2002, and provided some key recommendations for the improvement of Federal IT Security based on developments in the private sector.
"FISMA is a good first step in what will surely be a long – and increasingly collaborative – process between the public and private sectors in safeguarding the integrity of the Federal IT infrastructure. However, as timely and well intentioned as FISMA was in 2002, the current law must evolve if it is to be effective in light of new technology and continually emerging threats," said Kurtz, COO of Good Harbor Consulting, LLC, in his testimony. Among the key trends cited by Kurtz that are driving the need to evolve are the need for greater empowerment of federal Chief Information (Security) Officers, the changing nature of IT and information security and the global drive towards common security standards.
A key issue identified by Kurtz is the narrow metrics that don't necessarily fit all federal agencies and their security programs. Kurtz specifically identified the International Organization for Standardization (ISO) 27001 information security certification as a key part of the future of federal IT security. Said Kurtz, "ISO-27001 can be customized to the needs of individual organizations, thereby avoiding FISMA's 'one-size fits all' approach to cyber security."
According to Lars Neupart, CEO of Neupart A/S, "We understand that there is no panacea for the complex issues of information security, particularly as they relate to the problems faced by very large government agencies. However, we feel that the move towards international standards is irresistible and will provide some of the answers needed to help organizations tailor a standard framework to their policy needs. We expect both ISO 27001 and the Payment Card Industry Data Security Standard (PCI/DSS) to play an increasingly important role for organizations of all types and sizes. Neupart is committed to taking a leadership role in the discussion over security best practices and we thank Paul Kurtz for his contributions to public discourse."
Neupart is promoting industry awareness of ISO 27001 and other important security policy trends with thought leading educational content. Paul Kurtz's full transcript and our webcast, "ISO 27001: Today and Tomorrow", are both online at www.neupart.com/27k.
Neupart is a multinational corporation focused on strategic information security solutions, combined with the expertise of acknowledged partners worldwide. Neupart is an ISO 27001 certified company. Neupart's SecureAware is an unparalleled product suite allowing you to build a world class, standards-based information security management system that spans people, process and technology.
SecureAware's rich content, customizable tools and hierarchical security design allow your organization to perform enterprise risk management (ERM), create and disseminate rational policies and ensure organizational accountability through ingenious user awareness programs tied directly to your policies and processes. With a full ISO 27001/17799 content engine, SecureAware Enterprise provides the industry's most effective platform to achieve and maintain 27001 compliance and certification, and contains an elegant framework to map global security standards with your own locale-specific regulatory requirements. See www.neupart.com for more information about Neupart.
U.S.: Jim Reavis
Neupart Inc.
360.820.2545
jim.reavis@neupart.com
Denmark: Lars Neupart
Neupart A/S
+45 7025 8030
lars.neupart@neupart.com
About Neupart, Inc.
Neupart, an ISO 27001 certified company, is the leading provider of governance, risk, and compliance management (GRC) solutions. Neupart helps large enterprises manage complex regulatory mandates and operational risk, and provides small businesses with little or no security expertise an all-in-one platform for compliance, best practices and awareness. Neupart generates ROI for its customers by collecting policies, IT controls and risk information that are in disparate locations throughout the enterprise; automating repeatable processes and allowing the organizations to quickly respond to new compliance mandates, audit requests and evolving business risks. The Neupart SecureAware platform is a collaborative workflow system that is delivered as software, an appliance, or Software as a Service (SaaS). The library of security objects and modular functionality allows organizations to rationalize and reduce security controls, perform full lifecycle management of risk assessments and IT audits, and create one defensible standard of care. SecureAware's content engine can rapidly incorporate and map between unlimited control frameworks, standards and regulations through its Standard Manager with Smart Object Linking capability. Whether your issues are PCI compliance, governmental regulations, ISO 27000 best practices or managing evolving business risks, Neupart allows your organization to respond effectively to these challenges and "future proof" your compliance program.
Contact
Phone: +1 (360) 820-2545
Fax: +1 (360) 392-6078
Address: 2553 Crescent Street