Call for Participation: Security Metrics Initiative

[Rodney Petersen <rpetersen () EDUCAUSE EDU>]

The Higher Education Information Security Council (formerly Security
Task Force) has a project team that has been working on IT security
metrics these past several months.  You can find a list of "Recommended
Starting Metrics" developed by the team at 
https://wiki.internet2.edu/confluence/display/itsg2/Recommended+Starting
+Metrics
<https://wiki.internet2.edu/confluence/display/itsg2/Recommended+Startin
g+Metrics>   The Center for Internet Security (CIS) (
http://www.cisecurity.org/ <http://www.cisecurity.org/> ) has also been
actively pursuing the development of consensus based metrics for
information security (see http://www.cisecurity.org/metrics).  We
recently decided to collaborate with CIS as part of their Phase II
effort to build upon the work of our project team, enhance the existing
metrics developed by CIS, and to develop a quick start implementation
guide.
 
Please review the Call for Participation below.  If you or others in
your institution are interested in joining this effort, please send an
email requesting participation in the CIS Consensus Security Metrics
Initiative to cis () cisecurity org <mailto:cis () cisecurity org> .  
 
Thanks,
 
-Rodney

--------------------------------------------------
Rodney J. Petersen
Government Relations Officer & 
Director of Cybersecurity Initiative
EDUCAUSE 

1150 18th Street, N.W., Suite 1010
Washington, D.C. 20036
(202) 331-5368 / (202) 872-4200

EDUCAUSE Policy Program 
www.educause.edu/policy <http://www.educause.edu/policy>  
EDUCAUSE Cybersecurity Initiative
www.educause.edu/security <http://www.educause.edu/security>  
Identity and Access Management 
www.educause.edu/idm <http://www.educause.edu/idm>  
--------------------------------------------------  

L

 



Call for Participation

Center for Internet Consensus Security Metrics Initiative

                        

        
Quick Links

*    CIS Public Web site <http://cisecurity.org/> 

*    CIS Member's Web Site <https://members.cisecurity.org/> 

*    Register with Member's Site
<https://members.cisecurity.org/forums/register.php> 

*    Download CIS Resources
<https://members.cisecurity.org/forums/downloads.php> 

*    Get Support <mailto:support () cisecurity org> 

*    Get Involved - Join Discussion Lists
<http://lists.cisecurity.org/mailman/listinfo> 

 

Contact Us

*    support () cisecurity org <mailto:support () cisecurity org>  

*    Fax: 717-533-6847

 

Dear Member of the Higher Education Community,

 

The Center for Internet Security invites your participation in Phase II
of the Consensus Security Metrics initiative.  

 

In Phase I, CIS convened over 150 information security experts from both
the private and public sectors to create an initial set of 20 Security
metrics definitions that are user-originated, unambiguous definitions to
measure some of the most important aspects of the information security
status of an enterprise. The initial set of metrics comprised 20
definitions representing a balanced combination of processes and
outcomes across six business functions: Incident Management,
Vulnerability Management, Patch Management, Application Security,
Configuration Management and Finance.  To see a copy of the current set
of the CIS Consensus Security Metrics, please go here:  
http://www.cisecurity.org/metrics.   

 

Regarding Phase II of this initiative, the following provides a summary
of its goals, estimated schedule, requested time commitment and roles.
If you or others in your institution are interested in participating,
please send an email requesting participation in the CIS Consensus
Security Metrics Initiative to cis () cisecurity org.  

 

Goals:

1.      Develop a prescriptive, quick start implementation guide

2.      Develop additional community metrics and taxonomies

3.      Enhancement of existing metrics

 

Estimated Schedule:

*         October 2009 - Kick-off, enroll participants

*         @January 31, 2010 - Completion

 

Note:  All deliverables will be incrementally developed and released to
the public.

 

Requested Time Commitment:

 

At a minimum, participants are asked to contribute at least be three (3)
hours during the course initiative to complete community surveys which
are designed to be taken in 15 minutes or less. Participants are
encouraged to collaborate thirty (30) minutes per week. All
contributions are on a volunteer basis. The community understands that
some individuals may become temporarily unavailable during the consensus
process.

 

Requested Participant Roles:

 

Contributor - Takes an active role in defining and extending content in
the consensus process providing content, reviewing evolving drafts and
providing feedback / approval via the discussion lists, surveys and or
periodic teleconferences.

Reviewer - Reviews draft content for syntactical, grammatical,
aesthetic, and readability issues. Additionally, provides approval via
discussion lists and or surveys.

CIS has already assigned team leaders with the expertise to draft the
core content and coordinate consensus review, discussion and approval.