ANSI - American National Standards Institute
 Print this article  Previous Next 

Internet Security Alliance, ANSI Offer Market Solution To Improve Information Security

Arlington, VA | New York, NY, Apr 30, 2007

The Internet Security Alliance (ISAlliance) and the American National Standards Institute (ANSI) have joined forces to offer businesses and organizations a standards-based tool for managing information security.

The two-document resource, known as Information Security Package 27001, helps companies implement globally recognized security management practices into contract-based business operations. The publication complements Information Security Package 17799, released in September 2006.

“One of the core problems with creating a global system of Internet security is that domestic efforts are inherently limited,” said Bob Feghali, vice president and chief information officer at ANSI. “We can transcend political boundaries and use the market to motivate improved security by relying on standards that have international agreement and domestic acceptance.”

Information Security Package 27001 includes:

  • INCITS/ISO/IEC 27001:2005 - Information technology - Security techniques - Information security management systems – Requirements, an International Standard addressing information security controls within the context of an organization's overall business risks; and

  • Contracting for Information Security in Commercial Transactions Volume II: Model Contract Terms for ISO/IEC 27001 Information Security Management Services, an ISA booklet which guides the implementation of INCITS/ISO/IEC 27001 into contract-intensive relationships.

“Business networks are only as safe as their commercial partners,” said ISA president Larry Clinton. “This resource gives corporations the vehicle to protect themselves from careless contractors and cyber criminals alike by making it easy and cost effective to adapt to the most current information security standards. Using this publication will also save companies the time, legal costs and hassle of negotiating contract terms one by one.”

The language featured in ISA’s booklet embodies cyber security standards endorsed by the 9-11 Commission and implementation requirements in Senate Bill S.4. The booklet’s private sector approach relies on the self interest of companies in assuring their data is secure; legislation depends on a yet to be determined federal certification program.

Both Information Security Packages are available for purchase from the ISAlliance website and via the ANSI eStandards Store.

About ISAlliance: The Internet Security Alliance is a non-profit collaboration between the Electronic Industries Alliance (EIA) and Carnegie Mellon's CyLab and works closely with the CERT Coordination Center (CERT/CC) a leading, recognized center of Internet security expertise. The non-profit helps law firms and companies in the aerospace, defense, entertainment, financial, food service, manufacturing and telecommunications sectors by standardizing best practices in Internet security and network survivability and by working with legislators and regulators to ensure that market incentives are at the forefront of public policy.

About ANSI: The American National Standards Institute is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. The Institute is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC).

ANSI Focus on Services Standards