http://www.computerworld.com/securitytopics/security/story/0,10801,86455,00.html?nas=PM-86455
October 27, 2003

New Law Would Require Computer Security Audits & Status Reports

Computerworld reports that new legislation being drafted by Congress would require all publicly traded companies to conduct independent computer security assessments and report the results yearly in their annual reports. Known as the Corporate Information Security Accountability Act of 2003, the bill is being sponsored by Rep. Adam Putnam (R-FL), chairman of the House Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census.

The bill would require companies to inventory their critical IT assets; provide an annual risk assessment; spell out their risk mitigation, incident response and business continuity plans; lay out company policies and procedures for reducing security risks to an acceptable level; and detail tests of the company's security controls and techniques to ensure their effectiveness.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
