Users mold security benchmark
Computerworld -
The problem with IT security benchmarks is that the reference point is a constantly shifting target as new technologies and threats emerge.
And that's an especially difficult problem to overcome, said corporate security systems managers. They are examining the fruits of a relatively new cooperative effort that this week will yield the near-final version of a systems security benchmark for Sun Microsystems Inc.'s Solaris.
But despite concern about the benchmark's continued usefulness, end-user members of the Center for Internet Security said the organization's technical benchmark for securing Solaris systems will be key to their security efforts.
"To me, this is a great economic package for us," said Iris Patton, who heads security for the Americas at Houston-based Shell Services International Inc., the IT unit of Royal Dutch/Shell Group. In return for the $5,000 membership fee the company paid to the CIS, it's receiving technical information that's good enough to serve as a substitute for high-priced consultants, she said.
The CIS is a nonprofit, cooperative group in Bethesda, Md., that was formed last October. Its members include more than 140 companies, government agencies and consulting firms.
The benchmark outlines a list of specific operational actions and settings for securing systems at different levels of protection. It was developed through a collaborative effort that involved ongoing feedback on the benchmark's drafts from technicians at some of the member companies, such as Shell's Unix gurus.
Donna Francis, who manages compliance security and policy for the IT group at Subaru of America Inc. in Cherry Hill, N.J., said the benchmark's collaborative approach will help fill security knowledge gaps.
"A [single] company can't always experience all the things that go wrong," she said. "It's just impossible."
But the true test of the benchmark will be its usefulness over time, said Francis. "How are they going to keep it updated?" she said. "How are people going to add their experience next year or in the coming months as things change?"
Clint Kreitner, the CIS's president and CEO, said
