Netegrity CEO on best security practices

Barry Bycoff, chairman and CEO of Waltham, Mass.-based Netegrity Inc., has been named co-chairman of the TechNet CEO Cybersecurity Task Force, which is working with the federal government and other industry groups to shape national cybersecurity policymaking. Members of TechNet’s CEO Cybersecurity Task Force represent leading computer networking, hardware and software companies, including 3Com Corp., Cisco Systems Inc., Guardent Inc., Hewlett-Packard Co., RSA Security Inc., Symantec Corp. and VeriSign Inc.

The task force is working to promote awareness of cybersecurity policymaking, publicize best practices in network security and support public-private efforts to protect the Internet. Bycoff spoke this week with Computerworld about his work.

What is the TechNet CEO Cybersecurity Task Force and what is its role and mission?

The TechNet CEO Cybersecurity Task Force is made up of chief executives of some of the nation’s leading computer networking, hardware, software and cybersecurity companies. The members have agreed to devote time and resources in targeted initiatives to inform cybersecurity policymaking, promote best practices in network security and support public-private efforts to protect the Internet.

The CEO Cybersecurity Task Force will, by the end of this year, release a set of best practices for security that it hopes to convince corporations to adopt as a minimum standard.

Specifically, the mission of the TechNet CEO Cybersecurity Task Force is to support public-private efforts to protect America’s information infrastructure by providing expertise, advice and resources for selected initiatives; to promote awareness and best practices in cybersecurity; develop policy statements on key topics in cybersecurity; and monitor information technology industry participation in the various public-private partnerships.

In 2003, the Task Force will guide TechNet in driving two key initiatives. The first is a campaign challenging companies to meet a cybersecurity baseline by a specific date. The second is a forum for high-tech companies on regulatory and legal developments regarding sharing cybersecurity information with the appropriate government bodies and industry organizations.

What is the current number of CEOs taking part?

TechNet comprises more than 300 chief executive officers and senior partners of companies in the fields of information technology, biotechnology, venture capital, investment banking and law. Beyond cybersecurity, TechNet has several initiatives including economic growth, stock-option accounting, broadband, class-action fairness, research and development, and education.

What issues are at the top of the Task Force’s near-term agenda and what will you strive to achieve as far as each issue is concerned?

The near-term agenda is to develop a set of best practices that companies can use as a framework to enhance the security of their technology infrastructure. Once the Task Force has established a preliminary best-practices framework, the group will be soliciting feedback from CIOs across the country to ensure that the framework meets their implementation needs. Once finalized, the best-practices framework will be rolled out and the Task Force will develop a campaign to challenge companies to meet these best practices.

In addition, the Task Force will be working with the federal government and other organizations to ensure the sharing of information on cybersecurity initiatives.

Have CEOs received a bad rap when it comes to the perception that they’re not interested in cybersecurity because it can be difficult for IT security managers to show ROI for security projects? Or are most CEOs really not interested in security — as many IT managers say they are?

In the past, security was often an afterthought to a project. However, as companies realize the impact, cost and business risk of not implementing a security infrastructure, security has become a key topic for most CIOs. In addition, some of the new regulations, such as Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley, have forced security to become a CIO mandate.

Netegrity recently surveyed some of its customers and found that the majority of respondents cited that security now has a seat at the CEO’s table, alongside some of the other key initiatives at the company.

Does the Task Force have a Web site where people can get more information?

Information on TechNet and the Cybersecurity Task Force can be found at