• Mandatory reporting of security breaches that could threaten critical societal functions;10

  • Changing accounting procedures to require sanitized summaries of information-security problems and vulnerabilities to be made public in shareholder reports; and

  • Encouraging insurance companies to grant preferential rates to companies whose IT operations are regarded as meeting certain security standards of practice.

Note, however, that there are disadvantages as well as advantages to any of these specific options, and a net assessment of their ultimate desir-ability remains to be undertaken.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement