Internet Companies Set Security Benchmarks
Piazza, Peter, Security Management
The Internet has often been referred to as the new frontier--even the Wild Wild West. Now a group of Internet businesses has come to Dodge hoping to bring, if not law, at least some order. The group is the Center for Internet Security, and it was started with an initial grant from the CIO Institute on October 1, 2000.
The goal of participating organizations is to set out, in effect, some generally accepted benchmarks for securing computer networks.
Supporters include NASA, which has instituted its own set of minimum security standards; AT&T, which has promulgated a set of simple steps that can be taken to prevent computers from being used as distributed denial of service zombies; and the Institute of Internal Auditors, which will assist in auditing the compliance of the standards once they are drafted.
As a starting point, the center will pull together the requirements and recommendations that have already been put forth by various groups worldwide. These include the British [BS.sub.7799] security standards, the Top Ten Internet Security Risks, and the standards issued by Visa International, Inc. (see related story, page 39).
The center will use these resources to create an auditable common standard for computer network security. The standard will define several levels of security, allowing businesses to determine whether they have sufficient security in place for their particular level. …