Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Board setting up site for security

From: William Knowles <wk () C4I ORG>
Date: Sat, 16 Sep 2000 00:28:13 -0500
http://www.fcw.com/fcw/articles/2000/0911/web-secure-09-15-00.asp

BY Diane Frank
09/15/2000

While Congress is releasing grades on agencies security posture,
another organization is working to provide a central resource on ways
that agencies can do their own grading.

The Computer System Security and Privacy Advisory Board decided on
Thursday to develop a Web site compiling security metrics from the
public and private sector. The board is a joint government/industry
group that advises officials including the secretary of the Commerce
Department and members of Congress.

The project follows up on a workshop the board held in June that
highlighted the wide range of ongoing security metrics efforts.

Almost every agency is trying to come up with some way to measure the
effectiveness of their security, and by providing all of the work that
has already been done in an easy-to-access format, the board could
help reduce duplication of effort, said board member John Sabo,
director of security, privacy and trust at Computer Associates Inc.

"The board could become a resource for people by categorizing the work
thats out there," he said.

The site also could serve as an educational resource on the different
types of metrics, including a fairly new approach of measuring not how
many attacks a security system repels but instead how having or not
having security affects users.

Several metrics have shown that the lack of security leads to low
confidence and trust in a system or application, a situation that can
make a difference when citizens are already leery of government, said
Karen Worstell, vice president of consulting company Atomic Tangerine
Inc


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: