RealNews

Former White House cybersecurity czar calls for security audit standards

Richard Clarke, now a security consultant, says Congress needs to act. Former White House cybersecurity expert Richard Clarke yesterday urged for stronger standards for security audits of U.S. companies, saying congressional action is needed. “The Securities and Exchange Commission thinks it can [require audits] under its existing authority, but what I’m predicting is it will be a very vague statement and there will be no real auditing against that standard,” Clarke told reporters at the opening of Gartner Symposium ITxpo 2003 here. Clarke is now a private security consultant, serving as chairman of Good Harbor Consulting LLC in Arlington, Va. He joined Good Harbor in July. “You’ve got to have a relatively specific standard … with some real probability that someone will show up at the door to audit. That will take a congressional act,” he said. Clarke also said standards should encourage automatic audits, so network probes could quickly determine security levels, “instead of bringing in PriceWaterhouse for $500,000,” to do the audit. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.