Educause Security Discussion mailing list archives
Call for Participation: Security Metrics Initiative
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Fri, 23 Oct 2009 08:39:40 -0600
The Higher Education Information Security Council (formerly Security Task Force) has a project team that has been working on IT security metrics these past several months. You can find a list of "Recommended Starting Metrics" developed by the team at https://wiki.internet2.edu/confluence/display/itsg2/Recommended+Starting+Metrics

The Center for Internet Security (CIS) ( http://www.cisecurity.org/ ) has also been actively pursuing the development of consensus based metrics for information security (see http://www.cisecurity.org/metrics). We recently decided to collaborate with CIS as part of their Phase II effort to build upon the work of our project team, enhance the existing metrics developed by CIS, and to develop a quick start implementation guide.

Please review the Call for Participation below. If you or others in your institution are interested in joining this effort, please send an email requesting participation in the CIS Consensus Security Metrics Initiative to cis () cisecurity org.

Thanks,

-Rodney

--------------------------------------------------
Rodney J. Petersen
Government Relations Officer & Director of Cybersecurity Initiative
EDUCAUSE
1150 18th Street, N.W., Suite 1010
Washington, D.C. 20036
(202) 331-5368 / (202) 872-4200
EDUCAUSE Policy Program www.educause.edu/policy
EDUCAUSE Cybersecurity Initiative www.educause.edu/security
Identity and Access Management www.educause.edu/idm
--------------------------------------------------

Call for Participation
Center for Internet Consensus Security Metrics Initiative

Dear Member of the Higher Education Community,

The Center for Internet Security invites your participation in Phase II of the Consensus Security Metrics initiative.

In Phase I, CIS convened over 150 information security experts from both the private and public sectors to create an initial set of 20 Security metrics definitions that are user-originated, unambiguous definitions to measure some of the most important aspects of the information security status of an enterprise. The initial set of metrics comprised 20 definitions representing a balanced combination of processes and outcomes across six business functions: Incident Management, Vulnerability Management, Patch Management, Application Security, Configuration Management and Finance. To see a copy of the current set of the CIS Consensus Security Metrics, please go here: http://www.cisecurity.org/metrics.

Regarding Phase II of this initiative, the following provides a summary of its goals, estimated schedule, requested time commitment and roles. If you or others in your institution are interested in participating, please send an email requesting participation in the CIS Consensus Security Metrics Initiative to cis () cisecurity org.

Goals:

1. Develop a prescriptive, quick start implementation guide
2. Develop additional community metrics and taxonomies
3. Enhancement of existing metrics

Estimated Schedule:

* October 2009 - Kick-off, enroll participants
* @January 31, 2010 - Completion

Note: All deliverables will be incrementally developed and released to the public.

Requested Time Commitment:

At a minimum, participants are asked to contribute at least three (3) hours during the course of the initiative to complete community surveys which are designed to be taken in 15 minutes or less. Participants are encouraged to collaborate thirty (30) minutes per week. All contributions are on a volunteer basis. The community understands that some individuals may become temporarily unavailable during the consensus process.

Requested Participant Roles:

Contributor - Takes an active role in defining and extending content in the consensus process providing content, reviewing evolving drafts and providing feedback / approval via the discussion lists, surveys and/or periodic teleconferences.

Reviewer - Reviews draft content for syntactical, grammatical, aesthetic, and readability issues. Additionally, provides approval via discussion lists and/or surveys.

CIS has already assigned team leaders with the expertise to draft the core content and coordinate consensus review, discussion and approval.