BSA: Industry should use FISMA standards

Federal IT security standards can serve as a guide to the private sector, an industry group recommends.

A software industry group suggested today that the new Federal Information Security Management Act guidelines be used by the private sector in developing information-security blueprints.

A report released by the Business Software Alliance, on the eve of the Global Tech Summit in Washington, said FISMA and the International Organization for Standardization's ISO 17799 should be part of a broader, voluntary industry framework that is needed to address information security policy and procedures.

The group, which represents some of the world's largest software companies, issued the report as part of a broader effort to heighten awareness of computer security issues and laws.

"This is a journey, it's a start," said Bill Conner, chief executive officer of Entrust Inc., a Dallas digital security company. He helped lead a BSA task force on information-security governance.

While BSA said FISMA is "overly detailed for the private sector," some components can be used by all organizations. "It is especially good at defining the people and process aspects of information security governance," according to the report.

ISO 17799 addresses best practices and standards in information security.

Before releasing the security report, top executives of BSA member companies, including Microsoft Corp.'s Steve Ballmer and Bruce Chizen of Adobe Systems Inc., spent the day in private meetings with congressional and administration leaders.