Arlington, VA, December 14, 2005 --The Internet Security Alliance (ISAlliance), a collaboration between the Electronic Industries Alliance and Carnegie Mellon University, today released its fourth in an annual series of Common Sense Guides. This latest guidebook, Contracting for Information Security in Commercial Agreements - An Introductory Guide, is the first publication to provide concrete assistance for companies dealing with a wide range of information security issues, including outsourcing, exploding compliance costs, expanding regulation of the Internet and the ever-increasing problem of identity theft over the Internet.

When the Electronic Industries Alliance (EIA) and Carnegie Mellon University's CyLab founded the ISAlliance more than four years ago, "our goal was to help businesses help themselves, by developing the most effective solutions to cyber security issues and minimize the potential for regulation," EIA President and CEO and ISAlliance Executive Director Dave McCurdy said. "The Contracting for Information Security in Commercial Agreements publication is ISAlliance's latest solution, and one we think will help the private sector advance state-of-the-art security measures between firms engaged in Internet-related transactions and operations, through binding contracts."

The Information Systems Security Association (ISSA), the world's largest professional association of security experts, immediately endorsed the ISAlliance publication and said it will co-market the Guide to its membership. "This Guide will be invaluable to any information security professional," stated Dave Cullinane, President of ISSA. "For the first time, there is a publication that organizes the issues of information security into a structure -- with model terms and contract provisions -- that enables effective dialogue among security professionals, business managers and lawyers."

Contracting for Information Security in Commercial Agreements was developed through the collaborative efforts of ISAlliance members and reflects terms and provisions that have been employed in various commercial agreements. The Guide addresses several information security issues - by providing three functions:

• First, it provides a roadmap of the business issues of data security-a strategic outline that enables discussion and dialogue about what steps must be taken to address security requirements, on issues such as background checks, access controls and the use of encryption.
• Second, it introduces a glossary of terms to be employed in commercial agreements-precise terms which can provide a shared vocabulary in discussing security issues internally and with business partners.
• And third, it provides a detailed example of how security controls might look as companies structure protection for personal information that is being shared-the essential goal of privacy laws around the world.

Contracting for Information Security in Commercial Agreements - An Introductory Guide also uses best practices and examples of contract language model clauses to meet the needs of large and small businesses seeking to integrate information security management into a wide variety of 21st century commercial relationships. The ISAlliance believes widespread implementation of the publication's proposals can result in accelerated market-driven standardization of internet security requirements, more efficient contracting practices, more reliable risk management, less litigation and less regulation by the government.

To obtain a copy of Contracting for Information Security in Commercial Agreements - An Introductory Guide (free for ISAlliance members, $29.95 for non-members), please contact Jennifer Johnson, Director of Marketing and Finance: (703) 907-7708 or jjohnson@isalliance.org

# # # #

About the ISAlliance: ISAlliance currently has over 260 corporate members based on four continents representing virtually every major segment of the economy. ISAlliance offers its membership a wide range of services including technical information sharing, model legal practices, best practice standards & certification development, risk management as well as public policy. ISAlliance is a leader in advocating market-based systems as the appropriate motivating forces to improve information security. For more information, please visit www.isalliance.org