My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.

Keyed Up

The SEC could force companies to take security more seriously.
Magazine Contributor
2 min read

This story appears in the February 2004 issue of Entrepreneur. Subscribe »

How safe is your company from hackers and all the other perils of an ever more tightly connected online world? The SEC is mulling over a proposal to require public firms to outline what they're doing to minimize these risks.

Among those discussing such disclosures with the SEC is the Department of Homeland Security. "What are you doing about your security-physical and cyber?" asks Secretary of Homeland Security Tom Ridge. "Tell your shareholders; tell your employees; tell the communities within which you operate."

"Our critical [cyber] infrastructure must have the same level of protection as our waterways, bridges, railways, streets and borders if we are to be secure," says Rep. Adam H. Putnam (R-FL). He adds that many of those running key operations have failed "to take the threat seriously, to receive adequate training, and to take the steps needed to secure their networks." Putnam, chair of the House Committee on Government Reform's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, initiated the discussion of publicizing cybersecurity measures and is considering legislation to force the SEC's hand if needed.

"We're trying to elevate the whole issue of information security to the CEO level," explains Bob Dix, the Subcommittee's staff director. "It's still viewed as a technical as opposed to a management issue. There needs to be a wake-up call." Reporting requirements would not be onerous, consisting of a checklist covering items such as critical IT assets, says Dix. The checklist would appear in standard documents such as annual reports. Privately held firms would be exempt, but Dix expects a trickledown effect-not only will smaller firms consider taking the same security steps, but those that partner with big firms may have to upgrade their defenses sooner rather than later.

"Some people resist any kind of government role in the market," Dix acknowledges, and security experts have suggested the federal government should focus on security research or setting security standards for the software it purchases. But so far, Dix says, the reporting proposal has raised little opposition.

More from Entrepreneur

Kim's expertise can help you become a strong leader, pitch VCs for capital, and develop a growth strategy.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Are you paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.

Latest on Entrepreneur