Investment Strategies
 
 
 
 
 
 
 
 
 
 
 
 
 

Internet security Process
The Center works with and through other leading organizations that have developed requirements and processes and...

Internet Security The Benchmarks
The Center provides Internet security benchmarks based on recognized best practices for deployment, configuration, and...

 
Internet Security Action Plan

The Center for Internet Security began operation on October 1, 2000, and initially has focused on four major tasks:

Compare and reconcile differences among the following sets of process-level security requirements:

  • BS7799 security requirements established by the British Government
  • SysTrust requirements established by the AICPA
  • COBIT requirements established by the Information Systems Audit and Control Association
  • GAO's FISCAM (Federal Information System Controls AuditManual)
  • IETF (Internet Engineering Task Force) Site Security Handbook
  • I 2 SF (International Information Security Foundation) GASSP (Generally Accepted System Security Principles)
  • NIST (National Institute of Standards and Technology) Principles and Practices for Security of IT Systems


The result of this work is a document of the composite process-level requirements from the above sources, published by the Center.
  • Pull together and prepare for review and comment as noted below, the valuable technical work already completed or currently underway related to security-enhancing technical actions for specific operatingsystems. Sources include the following:
    • The Top Ten Internet Security Threats (and how to avoid them) developed by a consortium of 40 Internet security leaders including the NSA, DoD, Internet Security Systems, Network Associates, Global Integrity, Ernst & Young, Intrusion.com, SANS, CERT/CC and several universities and other groups;
    • Solaris recommendations by Titan, YASSP, and SANS Step-by-Step Guide;
    • Windows 2000 recommendations by NSA;
    • IRIX and AIX recommendations developed by Virginia Tech
    • Linux recommendations by the Institute for Security Technology Studies at Dartmouth
    • Windows NT 4.0 recommendations by GIAC participants
The result of this work is draft sets of operating system-specific technical benchmarks based on global best practices that are circulated for review and input as noted below.
  • Coordinate a review and consensus process involving Center members and other organizations having an interest in using the benchmarks and rulers, with a goal of reaching consensus on a final set of minimum benchmarks and rulers to be used as a basis for demonstrating due care. This process involves multiple rounds of review, commenting and redrafting, beginning with the draft benchmarks. It ends when the majority of the group agrees to support the draft benchmark and ruler.
  • Establish an Internet Appliance Testing and Certification Laboratory to test and certify the security status of the burgeoning supply of vendor appliances coming to market. Speed Test - How fast is your broadband speed? Find out at Broadband Choices
    Satellite phone rental - Satellite phone rental service stay connected everywhere

    • new gadgets-Video Production