Seal of Approval

It is evident that in today s interconnected electronic and global economy that information assurance and security poses a significant issue to all organizations. There have been numerous discussions and forums, in both the public and private sectors, specifically on the challenges that organizations face today concerning the subject. Given that businesses face significant vulnerabilities due largely to their interconnectedness with one another, transacting business with a firm that does not employ robust security mechanisms is a huge liability.

One suggestion that has surfaced is the establishment of a security rating for firms. The security rating would be set up similar to the well-known Underwriters Laboratories (t)he goal would be to certify that a business has governance policies and technical infrastructure procedures in place to make that business a more secure company (Beach, 2003). Such a security rating would serve as a reassurance not only to other firms that there is some assurance that their supply chain partners are secure but also may reassure customers that their information is protected.

Such a certifying body would have the role of assessing the infrastructures of firms based on evolving security and assurance standards. It could also serve as a clearinghouse for best practices in information security and assurance, assisting firms in implementing security strategies in stepped progressions.

Obtaining certification would be a voluntary action initiated by the firm requesting the certification rating.

The certifying body would not have any enforcement role, but it could operate as a body that could confer a security rating status based on the mechanisms in place. A periodic security audit term must be established to ensure that the certification has teeth. A periodic recertification every two years would be advisable after the initial term .