AITP Research: 'Managing the Information Security Process'
Wednesday, September 27, 2006
Posted by: Chris Leja
Chicago, IL - With information security risks expanding at an alarming rate, the Association of Information Technology Professionals (AITP) has published and released for public use a white paper on "Managing the Information Security Process," it was announced today by AITP Region Five President Christine Leja.
"This comprehensive research document addresses information and records management security risks based on an analysis of Federal Trade Commission (FTC) rulings in 10 landmark cases," said Ms. Leja, who served as AITP Research and Strategy Advisory Group (RASAG) chairman for this project. "Those FTC rulings defined deficiencies, which RASAG saw as an opportunity to provide recommended remedies that are applicable to many other industries."
The research findings and recommendations are posted on the AITP web site and permission has been granted for personal and non-commercial use by any and all interested parties. AITP asks that if any information is used from the white paper that AITP receive credit by pointing the reader to http://www.aitp.org.
The AITP RASAG mission is to research trends and directions in the Information Technology (IT) industry; state the findings and conclusions drawn from the research; recommend AITP strategy positions; and re-evaluate existing AITP strategy positions based on new findings.
Key AITP research findings and recommendations for "Managing the Information Security Process" include:
Increasing Federal Trade Commission cases against companies who have allegedly failed to establish, implement and maintain comprehensive information security programs;
Identifying a need for a management framework to establish, implement and maintain an effective, comprehensive and ongoing information security program;
Creating management security processes and checklists to meet minimum legal requirements applicable to information security; and
Endorsing the value of an independent assessment of the IT industry, not influenced by individual company strategies, that is written by IT professionals for IT professionals.
AITP leaders and IT executives (from academia and industry, government and legal sectors) who contributed to this research include:
Christine Leja, CCP, CIO at Southwestern Illinois College, Belleville, IL
Richard C. Barnier, Partner/Chairman, Barnier Group, LLC, Glen Ellyn, IL
Charles L. Brown, CCP, Manager of Integrated Justice Applications for the San Diego (CA) County Sheriff's Department
Paul F. Ditmann, Director, Pathfinder Associates, LLC, Chicago, IL
Robert Heimann, CVP Information Services, The Boldt Company, Appleton, WI
J. T. Westermeier, JD, CCP, Partner, DLA Piper US, LLP, Reston, VA
EDITORS NOTE: You are invited to contact AITP Region Five President Christine Leja for a personal interview; and you are hereby granted permission to publish any/all of the "Managing the Information Security Process" research report at your discretion. Editors who plan to use any/all of the report are respectfully asked to e-mail those intended-use plans to us at the web site address so we can alert our membership to its publication.