, 2003-10-20
Encouraging publicly-traded companies to disclose their cyber security efforts would only force them to choose between providing vague and useless platitudes, or specific and dangerous details.

DISCLAIMER: Many others may have suggested such a thing, and there may be something like this in existence so please excuse my ignorance.
Have the SEC (or some other currently existing regulatory body) create an IT security rating system. A simple score, let's say out of 100, that could be used as a tool by investors that do see a relation from the stability and profitability of a stock to the overall IT security rating of the company. This disclosure would do both: put a fire under the ass of the corporation to get its affairs in order, and give no specific information as to the nature of the security flaws.
Link to this comment: http://www.securityfocus.com/comments/columns/192/23256#23256