Tuesday, May 26, 2009

Center for Internet Security Issues Free Security Metrics


Center For Internet Security
Issues Free Security Metrics

Global coalition of enterprises, government, and vendors looks to its vendor members to automate collection of new metrics in their products

By Kelly Jackson Higgins |DarkReading

The Center for Internet Security last Wednesday issued a set of free metrics for organizations to use in measuring their security postures.

CIS, a coalition of enterprises, government agencies, universities, and vendors from around the world, in September provided an overview of the user-driven metrics project. The organization now has published a series of metrics for organizations to measure their key security operations -- incident management, vulnerability management, patch management, application security, configuration management, and financial metrics.

Continue Dark Reading

Here's more information: 

The Security Configuration
Benchmarks below are distributed free of charge to propagate their
worldwide use and adoption as user originated, de facto standards.



The CIS Benchmarks are the ONLY consensus best practice security
configuration standards both developed and accepted by government,
business, industry, and academia.



The Benchmarks are:


  • Recommended
    technical control rules/values for hardening operating systems,
    middleware and software applications, and network devices;
  • Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
  • Downloaded approximately 1 million times per year;
  • Distributed freely by CIS in .PDF format (some are available to CIS Members only in XML format via the CIS Members web site);
  • Used
    by thousands of enterprises as the basis for security configuration
    policies and the de facto standard against which to compare them.

For more information about the benchmarks and tools:



Reblog this post [with Zemanta]

Disqus for ePayment News