Corporate Disclosure Of Security Plans?
Saw this over at SNN
Senator Robert Bennett's suggestion that every corporation be required to publicly disclose its cyber security methods is intriguing. If a corporation is forced to reveal its security strategy, it must actually have a security strategy. Companies could not afford to ignore security issues, because consumer and stockholder pressure would not allow for it. However, this requirement could also lull consumers into a false sense of security. A company can tell the public that it uses firewalls, for example, but how can it assure them that the firewalls are configured correctly? The level of detail required from companies would have to be determined carefully. Too little detail would add little public benefit. Too much detail gives outsiders excessive information about a company's infrastructure and architecture.