Panel: Private sector can control risks of cyberattack

A panel of business executives and policy experts today laid out a road map for companies to mitigate the economic impact of cyberattacks. The report, released by the American National Standards Institute and the Internet Security Alliance, builds upon recommendations included in legislation that passed Congress after the Sept. 11, 2001, terrorist attacks that called for increased industry coordination to secure the nation's computer-based networks.

Much like the economic turmoil, which stemmed from "a fundamental misunderstanding and mismanagement of modern financial systems," ISA President Larry Clinton said the country's critical infrastructures rely on cyber systems "that are also misunderstood and mismanaged." Clinton spoke at a briefing alongside Ty Sagalow, president for product development at American International Group.

Two thousand copies of the report, which suggests shifting control of corporate cyber infrastructures from IT departments to chief financial officers, are being shipped to executives at major companies, Clinton said.

In addition to offering 50 questions every CFO should ask, the guide offers charts to help calculate the probability and severity of financial loss from both risk events and the actions taken to mitigate them.