Center for Internet Security: Difference between revisions
Revision as of 14:29, 12 March 2014
The Center for Internet Security (CIS) is a 501(c)(3) not-for-profit organization founded in October 2000, whose mission is to "enhance the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration." The organization is located in East Greenbush, New York and is led by its President and CEO, William Pelgrin. It is composed of roughly 180 members from 17 different countries. CIS strives to improve global internet security by creating and fostering a trustworthy and secure environment that bridges the public and private sectors. At the national and international level, CIS also plays a role in forming security policies and decisions. CIS has four divisions: the Integrated Intelligence Center, the Multi-State Information Sharing and Analysis Center (MS-ISAC), Security Benchmarks, and the Trusted Purchasing Alliance. Through these four divisions, the Center for Internet Security works with a wide range of entities, including academia, government, the private sector and the general public, to increase their online security by providing products and services that improve security efficiency and effectiveness.
Integrated Intelligence Center
The goal of the Integrated Intelligence Center (IIC) is to aid the sharing of intelligence products and information between government and private sector entities. State, local, tribal, and territorial (SLTT) government partners use the IIC as a resource to report cybersecurity issues and to collaborate with each other on them as quickly as possible. So that the US Department of Homeland Security and the IIC can collect and analyze information and "ensure actionable information" reaches SLTT partners, they work through fusion centers, homeland security advisors, and law enforcement entities equipped with cybersecurity products. Because SLTT partners need a multitude of cyber capabilities to function at their most productive level and to collaborate efficiently, the IIC helps them take full advantage of the resources in their field by facilitating "two-way sharing of information between and among similarly situated partners", which also allows them to combat and avoid cyber threats together. The IIC provides intelligence sharing, subject matter experts, and training opportunities. Intelligence sharing coordinates inter-agency information sharing to make known the cyber threats, trends, and problems that SLTT governments encounter. Subject matter experts are cyber intelligence analysts who aid SLTT governments in "on-going projects, and one-time events and assessments". Monthly training sessions on cyber crime and how to avoid it are offered to fusion center analysts and other interested partners through a guest lecturer series. Through these resources, the Integrated Intelligence Center aims to improve "overall situational awareness along with enhanced preparedness and response resources" for the benefit of all partners equally (http://iic.cisecurity.org).
Multi-State Information Sharing and Analysis Center
The Multi-State Information Sharing and Analysis Center is designated by the U.S. Department of Homeland Security as a key cyber security resource for the nation’s state, local, territorial, and tribal (SLTT) governments.
"The MS-ISAC 24x7 cyber security operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response."[1]
"Additional information concerning uses and restrictions is contained in the Funding Opportunity Announcement document or can be obtained from the administering program office identified in this announcement. Financial and nonfinancial assistance may be provided for the following: salaries, materials and supplies, equipment, travel, publication costs, subcontractor and supporting costs required for technical and other activities necessary to achieve the objective. Restrictions on use of funds will be identified in the funding opportunity announcement and award provisions. See Funding Opportunity Announcement. Refer to program guidance. Refer to program guidance. Refer to program guidance. Refer to program guidance."[2]
"Managed Security Services (MSS) is compromised of [sic] the monitoring of two security devices. Typically, this would include one firewall and one IDS/IPS device. Security Event Analysis & Notifications 24x7 Technical Assistance IDS/IPS Management"[3]
"Objectives of the MS-ISAC: provide two-way sharing of information and early warnings on cyber security threats; provide a process for gathering and disseminating information on cyber security incidents; promote awareness of the interdependencies between cyber and physical critical infrastructure as well as between and among the different sectors; coordinate training and awareness; ensure that all necessary parties are vested partners in this effort."[4]
The MS-ISAC has been growing since 2003. "The MS-ISAC reached a critical point in its development which required its organizational structure to change; it needed to be institutionalized into an organization with a single, dedicated focus--outside of any one governmental entity--in order to meet the ever-increasing challenges facing SLTT governments and to better reflect its expanded scope and responsibilities."[5]
Security Benchmarks
The Security Benchmarks Division provides global standards for internet security. Through consensus, the CIS Security Benchmarks division provides frameworks to help organizations bolster their security. According to www.cisecurity.org, its resources include secure configuration benchmarks, automated configuration assessment tools and content, security metrics and security software product certifications.
Overview
The division's primary goal is widespread use of its benchmarks, so that global internet security improves. CIS provides the benchmarks and other internet security tools free of charge at its website, www.CISecurity.org. With these tools, IT staff can produce reports that compare a system's configuration against the consensus standard. This creates a shared structure for internet security, with accountability spread across top executives, technology professionals and other internet users throughout the globe. CIS's assessment tools also include a scoring feature that rates the security of the system under examination; a visible score encourages users to improve it, which in turn hardens their systems. The consensus standard is powerful because it draws on the accumulated knowledge of skilled technology professionals, and because those professionals volunteer their contributions, the process is cost effective for CIS.
To develop its benchmarks, CIS first forms its members into teams. Each team collects suggestions, advice, published work and recommendations from participating organizations, then analyzes that material to determine which configuration settings would improve system security the most across as many environments as possible. Team members critique a draft with each other until the team reaches consensus. Before a benchmark is released to the general public, it is made available for download and testing to a widespread but selected group. After reviewing the feedback from testing and making any necessary changes, CIS publishes the final benchmark and related security tools for download on its website. The process is extensive enough that thousands of security professionals around the world sometimes take part in it. According to isaca.org, "during the development of the CIS benchmark for Sun Microsystem Solaris, more than 2,500 users downloaded the benchmark and monitoring tools."
Mission
The mission of the division is to establish and promote the use of consensus-based best practice standards to raise the level of security and privacy in Internet-connected systems, and to ensure the integrity of the public and private Internet-based functions and transactions on which society increasingly depends. The Security Benchmarks division pursues this mission through a collaborative effort between two groups. The Consensus Community comprises IT security subject matter experts who volunteer their knowledge and experience to develop best practice guidance for the global Internet community. Security Benchmarks Members include companies of all sizes, government agencies, colleges and universities, nonprofits, IT auditors and consultants, security software vendors and other organizations. CIS credits the commitment to excellence and collaboration of its consensus community and members as instrumental in its collective success.
Resources
The CIS Security Benchmarks Division develops and distributes three kinds of resource. Security Configuration Benchmarks describe consensus best practices for the secure configuration of target systems and are developed through extensive collaboration with the volunteer consensus community. CIS states that configuring IT systems in compliance with the CIS Benchmarks has been shown to eliminate 80-95% of known security vulnerabilities. The CIS Benchmarks are widely used and accepted as the de facto user-originated standard for IT security technical controls and are freely available for download in PDF format. Security Metrics offer enterprise IT and security teams insight into their own security process outcomes and are developed in the same way. The metrics are freely available to the public for download, including the CIS Quick Start Guide for Consensus Security Metrics. The CIS-CAT Benchmark Assessment Tool gives IT and security professionals a fast, detailed assessment of target systems' conformance with CIS Benchmarks. CIS-CAT offers enterprises a tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes. CIS-CAT is an SCAP-validated FDCC scanner. CIS-CAT is available to CIS Security Benchmarks members.[6]
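The assessment model described in the Overview and Resources sections above (a set of consensus checks evaluated against a host's configuration, each marked scored or unscored, then rolled up into a score of the kind CIS-CAT reports) can be illustrated with the following added example. It is not CIS code and does not reproduce the content of any CIS Benchmark: the checks are hypothetical OpenSSH sshd_config hardening expectations with local identifiers (SSH-1 through SSH-6) chosen for illustration, and the configuration being assessed is constructed inline.

```python
"""Benchmark-style configuration assessment with scoring (added example).

The checks below are hypothetical hardening expectations for an OpenSSH
sshd_config, not CIS Benchmark recommendations; identifiers such as
"SSH-1" are local to this example. The sample configuration is constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

ConfigValue = Optional[str]


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Parse 'Keyword value' (or 'Keyword=value') lines into a dict.

    Mirrors two sshd(8) rules an assessor must respect to avoid false passes:
    keywords are case-insensitive, and the FIRST occurrence of a keyword wins,
    so a hardening line appended below a permissive one changes nothing.
    Parsing stops at the first 'Match' block, because directives under it are
    conditional and have to be assessed separately.
    """
    config: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match"):
            break
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if "=" in key:                      # 'Keyword=value' form
            key, _, rest = key.partition("=")
            value = (rest + " " + value).strip()
        config.setdefault(key.lower(), value.strip())   # first wins
    return config


@dataclass(frozen=True)
class Check:
    ident: str                                   # local id, not a CIS number
    title: str
    keyword: str
    predicate: Callable[[ConfigValue], bool]     # must tolerate None (unset)
    scored: bool = True                          # unscored checks are reported only


@dataclass(frozen=True)
class Result:
    check: Check
    observed: ConfigValue
    passed: bool


def assess(config: Dict[str, str], checks: List[Check]) -> List[Result]:
    """Evaluate every check against the parsed configuration."""
    return [Result(c, config.get(c.keyword.lower()),
                   c.predicate(config.get(c.keyword.lower()))) for c in checks]


def score(results: List[Result]) -> float:
    """Percentage of scored checks that passed; unscored checks are excluded."""
    scored = [r for r in results if r.check.scored]
    if not scored:
        return 0.0
    return round(100.0 * sum(r.passed for r in scored) / len(scored), 1)


def report(results: List[Result]) -> str:
    lines = []
    for r in results:
        status = "PASS" if r.passed else "FAIL"
        kind = "scored" if r.check.scored else "unscored"
        lines.append(f"{status} {r.check.ident} [{kind}] {r.check.title} "
                     f"(observed: {r.observed!r})")
    lines.append(f"Score: {score(results)}% of scored checks passed")
    return "\n".join(lines)


def _is(expected: str) -> Callable[[ConfigValue], bool]:
    return lambda v: v is not None and v.lower() == expected


CHECKS: List[Check] = [
    Check("SSH-1", "Protocol 2 only", "Protocol", _is("2")),
    Check("SSH-2", "Root login disabled", "PermitRootLogin", _is("no")),
    Check("SSH-3", "X11 forwarding disabled", "X11Forwarding", _is("no")),
    Check("SSH-4", "MaxAuthTries at most 4", "MaxAuthTries",
          lambda v: v is not None and v.isdigit() and int(v) <= 4),
    Check("SSH-5", "Password authentication disabled", "PasswordAuthentication", _is("no")),
    Check("SSH-6", "Login banner configured", "Banner",
          lambda v: v is not None and v != "", scored=False),
]

# Constructed sample, not taken from any real host.
SAMPLE_CONFIG = """
# constructed sshd_config for the example
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
MaxAuthTries=10
# duplicate keyword: sshd ignores this because the first occurrence wins
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    print(report(assess(parse_sshd_config(SAMPLE_CONFIG), CHECKS)))
```

The two parser rules are the part worth copying: a last-value-wins parser, or one that reads past the Match block, would report PermitRootLogin and PasswordAuthentication as passing on this sample when sshd actually runs with both enabled globally.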
Trusted Purchasing Alliance
"The mission of the Trusted Purchasing Alliance (TPA) is to serve state, local, territorial and tribal governments and related not-for-profit entities in achieving a greater cyber security posture through trusted expert guidance and cost-effective procurement." (Center for Internet Security). The intent of the TPA is to combine the purchasing power of the governmental and nonprofit sectors so that participants can improve their cyber security posture at a lower cost than they could attain on their own. To bring partners cost-effective services, the TPA works with both the private and public sectors, assisting with the "time intensive, costly, complex, and daunting" task of maintaining cyber security. The combined purchasing opportunities are vetted by domain experts.
The Trusted Purchasing Alliance has three main objectives. The first is to provide a trusted environment for improving the cyber security posture of the entities named above. The second is to help lower the cost of meeting cyber security needs. The third is to work with companies to bring security services and products to its partners. (CIS)
Education and awareness resources
To assist organizations and individuals with their cyber security, the Center for Internet Security supplies many resources, such as daily emails with cyber safety tips, online guides and papers, and videos and podcasts. These can be found on the pages of the three CIS divisions that publish them: Security Benchmarks, the Multi-State Information Sharing & Analysis Center, and the Trusted Purchasing Alliance.
The first division page is Security Benchmarks, a membership program that offers objective, consensus-based data to aid organizations with their online security. The Security Benchmarks Division offers resources such as "automated configuration assessment tools and content, security metrics and security software product certifications", which are recognized as "industry accepted system hardening standards" that organizations use to meet security requirements. To achieve its mission of establishing and promoting "the use of consensus-based best practice standards" for the security of internet-connected systems, it maintains a Consensus Community of IT security subject matter experts who work to develop a safer online environment, especially at a time when information sharing is so prevalent. Other resources include the Security Configuration Benchmarks, which describe secure configuration practices for its members; Security Metrics, which offer organizations "insight into their own security process outcomes"; and the CIS-CAT Benchmark Assessment Tool, which gives enterprises the means to analyze and monitor the security of their information systems and the effectiveness of their "internal security controls and processes". Its "Security Resources" page lists both free resources and those accessible through membership.
The Multi-State Information Sharing & Analysis Center (MS-ISAC) aims to improve the cyber security of "state, local, tribal and territorial governments". Because collaboration and information sharing between these governments are critical to their success, their cyber security is of the utmost importance. The MS-ISAC facilitates cyber training and awareness, provides two-way sharing of information between members and early warning of cyber security threats, and teaches the interdependencies between cyber and physical infrastructure that are pertinent to online security. On its "Resources & Publications" page, the MS-ISAC provides links to newsletters, cyber security guides and toolkits, and daily tips.
The Trusted Purchasing Alliance, like the MS-ISAC, serves governments of all kinds as well as nonprofits in achieving greater cyber security. On its "Resources" page, multiple newsletters and documents are available free of charge, including the "Cybersecurity Handbook for Cities and Counties" and "CSIS: Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines". Through these resources, the TPA hopes to build partnerships between the public and private sectors and so increase the collaboration that boosts the nation's cyber security posture.
Participating organizations
Organizations throughout the world join the Center for Internet Security primarily because they recognize the importance of CIS and its mission and want to support it. By paying yearly membership fees, they contribute to improving global internet security for everyone. Members can also take part in the creation of benchmarks.
The founding organizations and partners of the Center for Internet Security include ISACA, the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), the International Information Systems Security Certification Consortium ((ISC)²) and the SANS (System Administration, Networking and Security) Institute. These organizations all helped form CIS in October 2000. CIS has since grown considerably and currently has roughly 80 members from a total of 17 different countries. CIS cooperates with a variety of organizations and members at both the national and international levels, including the public and private sectors, government, ISACs and law enforcement.