Information Security Program

ITAA's Information Security Program, including our industry leading policy work
and business development and networking activities, is driven through the
guidance of ITAAs InfoSec Committee. With membership of more than 230
companies and 650 industry representatives, the InfoSec Committee meets
monthly to discuss major issues, interact with government and commercial
leaders, and facilitate introductions to prospective customers and partners in the
public and private sector, domestically and internationally.

Companies focused on information security are able to leverage their

involvement in our program toward meeting their policy and business
development objectives. Whether the challenge is mobilizing collaboration within
the private sector toward practical information security solutions, engaging
government leadership, promoting cyber security R&D, or building the talent
base globally, this Committee has been at the forefront of the information security
issue.

Leadership Initiatives

ITAA was a key leader in organizing the National Cyber Security Summit
of 2003, in partnership with the Department of Homeland Security and
other industry associations, resulting in the development of a series of
action plans going forward through 2005, dedicated to implementing the
Presidents National Strategy to Secure Cyberspace. ITAA managed one
of the Summit task forces, on Early Warning, whose recommendation for a
cross-sectoral early warning and analysis network for cyber security threat
and incident information is being implemented now by DHS.

ITAA Chairs the Partnership for Critical Infrastructure Security a cross

sectoral partnership of all government-appointed sector coordinators for
critical infrastructure sectors, defined under Homeland Security
Presidential Directive 7. ITAAs President Harris Miller is the appointed
sector coordinator for the information technology sector, and leads the
PCIS in collaborative, cross-cutting coordination on cyber security and
physical security issues on collaboration with government agencies.
 ITAA regularly provides advice to DHS on its initiatives for an improved
partnership between DHS, federal agencies and the private sector, such
as the Homeland Security Information Network; National Response Plan;
and National Infrastructure Protection Plan.

ITAA also is reaching out internationally, by co-sponsoring with our sister

trade association in India a U.S.-India Cyber Security Summit in Delhi,
October 12-13, 2004. This laid the groundwork for government-to-
government and follow-on industry-to-industry bilateral discussions in
Washington a month later. A similar format is being contemplated for U.S.-
Japan consultations in March 2005.
ITAA is partnering with the National Institute on Standards and Technology
to build interest in the security vendor community to contribute security
configurations for their software products that customers can consult over
NISTs web-based Security Configuration Repository. This program is a
voluntary, nonregulatory alternative to bringing vendors and users together
to improve the deployment and management of information security in IT
systems procured by government agencies and private sector enterprises.
ITAA and NIST co-hosted a workshop in November 2004 to build interest
in this program.

ITAA hosts a monthly dinner series for a small number of ITAA members
and a Federal CISO to exchange ideas about cyber security and consider
mutual challenges and opportunities. This is an intimate way for members
to network with those in the government who manage agency networks
and need to bounce ideas off industry experts.

2005 Information Security Committee Leadership

InfoSec Committee Co-Chairs:

Michael Aisenberg, Director of Public Policy, VeriSign
Tiffany Jones, Director of Government Affairs, Symantec

Public Policy Subcommittee Chair:

Robert Hoffman, Vice President, Congressional and Legislative Affairs, Oracle

Business-Technology Subcommittee Co-Chairs:

Jim Craft, CISO Intelligence and Information Systems Division, Raytheon
J.R. Reagan, Managing Director, Security Practice, BearingPoint

For more information, contact Greg Garcia, Vice President, Information Security, at 703-
284-5357 or via e-mail (ggarcia@itaa.org. You may also contact Patti Coen, Program
Manager, Information Security, at 703-284-5358 or via e-mail (pcoen@itaa.org). Visit us
on the web at www.itaa.org/infosec.