IAC explores salvaging the mission of CISO Exchange

With controversy about the newly formed Chief Information Security Officers Exchange marring its debut, there's a push under way for a well-established industry group to take over the mission.

The Industry Advisory Council was approached this week by several government officials ? "some who are members of the CISO Exchange, and some who are not" ? to consider creating a new Shared Industry Group focusing on federal information security, said Bob Woods, IAC chairman. He declined to name the officials involved, saying it was a preliminary, informal proposal.

The proposal, which was presented as salvaging the CISO Exchange's mission, will be discussed by the council Wednesday, Woods said.

"I got calls saying, 'This thing's so screwed up, what can we do to fix it?'" Woods said. "I was surprised at how quickly [these government officials] wanted to talk about this. I think they looked at it and said something has to be done."

The CISO Exchange was announced in February by Rep. Tom Davis (R-Va.), co-chairman of the group, but the controversy did not begin until after April 6, when the exchange's advisory board was named. To be an industry member of the advisory board, the exchange required a $75,000 fee. Lower levels of participation had fees of $25,000 and $5,000.

The fees and the structure of the exchange raised concerns that the group appeared to be a vehicle for gaining exclusive access to Davis, chairman of the Government Reform Committee. Davis and several others have said they are re-evaluating their participation.

Woods said he did not know if Davis approves of the proposal to involve IAC. "I have no idea," Woods said. "It's not a formal request."

"There are people saying this is a good idea, but we think the venue needs to be different," Woods said.

To avoid competing with an existing group, Woods said he hopes to obtain a formal request from the government officials who approached him, or from the CISO Exchange, before IAC takes action.

"We would be willing to help, but we will not insert ourselves into someone else's efforts," Woods said.

Woods said he had no involvement with the planning or creation of the CISO Exchange.

"I think the problem with this was that it was too greedy. If it had been 25 grand, nobody would have paid attention," Woods said.