Paul Kurtz notes progress created by Federal
Information Security Management Act, cites need for greater
uniformity and adoption of international standards such as ISO
27001
Washington D.C. - July 18, 2007 - Neupart A/S, an
industry leading information security risk management and awareness
company, today posted on its website the transcript of Advisory
Board member Paul Kurtz's testimony before a joint subcommittee of
the U.S. Congress. Kurtz's testimony provided a review and
assessment of the Federal Information Security Management Act
(FISMA) of 2002, and provided some key recommendations for the
improvement of Federal IT Security based on developments in the
private sector.
"FISMA is a good first step in what will surely be a long - and increasingly collaborative - process between the public and private sectors in safeguarding the integrity of the Federal IT infrastructure. However, as timely and well intentioned as FISMA was in 2002, the current law must evolve if it is to be effective in light of new technology and continually emerging threats.", said Kurtz, COO of Good Harbor Consulting, LLC, in his testimony. Among the key trends cited by Kurtz that are driving the need to evolve are the need for greater empowerment of federal Chief Information (Security) Officers, the changing nature of IT and information security and the global drive towards common security standards.
A key issue identified by Kurtz is the narrow set of metrics, which do not necessarily fit all federal agencies and their security programs. Kurtz specifically identified the International Organization for Standardization (ISO) 27001 information security certification as a key part of the future of federal IT security. Said Kurtz, "ISO-27001 can be customized to the needs of individual organizations, thereby avoiding FISMA's 'one-size fits all' approach to cyber security."
According to Lars Neupart, CEO of Neupart A/S, "We understand that there is no panacea for the complex issues of information security, particularly as they relate to the problems faced by very large government agencies. However, we feel that the move towards international standards is irresistible and will provide some of the answers needed to help organizations tailor a standard framework to their policy needs. We expect both ISO 27001 and the Payment Card Industry Data Security Standard (PCI/DSS) to play an increasingly important role for organizations of all types and sizes. Neupart is committed to taking a leadership role in the discussion over security best practices and we thank Paul Kurtz for his contributions to public discourse."
Neupart is promoting industry awareness of ISO 27001 and other important security policy trends with thought leading educational content. Paul Kurtz's full transcript and our webcast, "ISO 27001: Today and Tomorrow", are both online at www.neupart.com/27k.
Neupart is a multinational corporation focused on strategic
information security solutions, combined with the expertise of
acknowledged partners worldwide. Neupart is an ISO 27001 certified
company. Neupart's SecureAware is an unparalleled product suite
allowing you to build a world class, standards-based information
security management system that spans people, process and
technology.
SecureAware's rich content, customizable tools and hierarchical
security design allow your organization to perform enterprise risk
management (ERM), create and disseminate rational policies and
ensure organizational accountability through ingenious user
awareness programs tied directly to your policies and processes.
With a full ISO 27001/17799 content engine, SecureAware Enterprise
provides the industry's most effective platform to achieve and
maintain 27001 compliance and certification, and contains an
elegant framework to map global security standards with your own
locale-specific regulatory requirements. See www.neupart.com for more
information about Neupart.
U.S.: Jim Reavis
Neupart Inc.
360.820.2545
jim.reavis@neupart.com
Denmark: Lars Neupart
Neupart A/S
+45 7025 8030
lars.neupart@neupart.com
Neupart, an ISO 27001 certified company, provides an all-in-one IT GRC solution allowing organizations to automate IT Governance, Risk and Compliance management. Whether you need to manage evolving business risks or achieve continuous compliance with PCI DSS, ISO 27001, Sarbanes-Oxley, CSA, ENISA or WLA SCS, Neupart allows you to respond effectively - in the cloud or on the ground. More than 300 organizations worldwide are Neupart customers, including governments, utilities, banks and insurance firms, IT Service providers and lotteries.