A new organization aims to fight cybercrime by developing technical benchmarks to help companies secure their systems.
The Center for Internet Security, based here, boasts more than 120 members, including federal government agencies, academic organizations, manufacturers and security vendors and consultants.
The independent, nonprofit center is working with its members to develop detailed, nonproprietary benchmarks based on global best practices to help organizations "harden," or secure their systems.
"We're attempting to define specific actions to make it as easy as possible for organizations to make their systems more secure, and therefore make the entire Internet more secure," says Clint Kreitner, the center's president and CEO.
Other groups have worked to provide guidance for securing systems, but there have been no benchmarks that provide specific operational details such as operating-system settings, he says.
"The vendors ship their products with security doors wide open and there's a dearth of quality security professionals," Kreitner says. "There are millions and millions of systems that have security doors wide open. The level of vulnerability is quite unacceptable from a business standpoint."
The center plans to release benchmarks for the Solaris operating system in March, followed by benchmarks for the AIX, IRIX, Windows 2000 and Linux operating systems.
The group, which started its work last October, also plans to certify commercial software tools that businesses can use to validate and continuously monitor the security of their systems.
Solution providers will play a key role in helping end users become aware of the benchmarks and to install them, Kreitner says.
"They compensate for this dearth of knowledge by helping organizations that don't have the technical skills," he says. "We can put the benchmarks in the public domain, but we can't enforce them."
The center's membership includes the SANS Institute, NASA, the National Institute for Standards and Technology, Intel, Chevron, VISA, Internet Security Systems, Symantec and security consulting firms Guardent and Foundstone.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
