Citibank is the latest in a string of companies to fall victim to online data breaches impacting millions of consumers. Perhaps then it should be no surprise that the U.S. Department of Commerce has issued a report encouraging a ‘Code of Conduct’ for I-Commerce. This comes almost a month after the Obama Administration's Cybersecurity Legislative Proposal, which includes concepts such as National Data Breach Reporting.
Typically in the U.S., not-for-profit professional standards organizations write codes of conduct/ethics for the Information Security profession. For example, members of the Information Systems Audit and Control Association, ISACA, are guided by a Professional Code of Ethics while members of the International Information Systems Security Certification Consortium, Inc., (ISC)2, may follow this Code of Ethics. Many IT professionals belong to multiple organizations and implicitly sign off on their respective Codes of Conduct when they enroll.
The Insurance Journal recently highlighted the plight of business owners everywhere and the Department of Commerce's subsequent proposal in this June 9, 2011 article.
What do you think about the Cybersecurity Legislative Proposal and the Department of Commerce's proposed Code of Conduct? Are they enough to protect our data?
- John Brady and Heather Smee