Information Security News mailing list archives
Re: Group crafts rating system for server security
From: InfoSec News <isn () C4I ORG>
Date: Wed, 27 Dec 2000 03:27:15 -0600
Forwarded by: Dan Tobin <dont () csds uidaho edu>

While I certainly do see the need for a system like this, I have no faith that it can happen, especially by folks with so many vested interests in the economics of it. For this to happen in the time frame allocated, a gargantuan effort would need to be launched, and then validated with a series of controlled experiments. However, as Weld alluded, there is no way to control enough variables to make this statistically valid.

Further, how long is the "single number" going to be valid for? The security posture of a "system", however you want to define it, changes daily. Put me into that famous category of people actually wanting to add "science" back into "Computer Science".

Finally, the threat each network/organization faces is highly variable as well, and any security rating that is given a network MUST be measured against the particular threats faced... not everyone faces the same threats... nor will have the same response mechanisms.

Wow... if it were this easy, I would have finished my PhD long ago probably...

Don Tobin
Center for Secure and Dependable Software, Univ of Idaho
Meandering PhD Student, Retired USAF Officer, and just a realist in general

On Fri, 22 Dec 2000, InfoSec News wrote:
http://news.cnet.com/news/0-1003-201-4238214-0.html?tag=st.ne.1002.thed.sf

By Robert Lemos
Special to CNET News.com
December 21, 2000, 4:50 p.m. PT

Are your servers as secure as Fort Knox or as open as a revolving door? The newly formed Center for Internet Security hopes to answer that question by creating a suite of tests that would give computer owners a rating--on a scale of 1 to 10--of how good their security is.
ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".