- Email: [email protected]
Project spotlight US security initiative launched
SECURITY REPORTS Project Spotlight US Security Initiative Launched Roy Szweda nformation security concerns have led to the . formation of the US President's "Commission on Critical Infrastructure Protection". As a result, 'Project Spotlight' is a new 'outreach program' to directly address these c o n c e r n s and is the first formal US initiative to educate both private and public sectors on the current status of information security.
I
By generating the first quantitative data on information security threats and weaknesses, Project Spotlight will provide a critical baseline designed to become an industry standard for security practices. The Project will also present the specific processes and t e c h n o l o g y n e c e s s a r y for o n g o i n g i n f o r m a t i o n protection of the nation's infrastructure. Project Spotlight founders, who are leading-edge companies making unique contributions in the area of information security, include: Client/Server Labs, the premier enterprise-wide IT testing lab; Internet Security Systems (ISS), the leading provider of adaptive n e t w o r k security t e c h n o l o g y that automatically detects and responds to security risks; and META Group, a leading IT research and analysis services firm. Also participating in Project Spotlight is the law firm of King & Spalding represented by Senator Sam Nunn, a key advisor to the President's Committee on Critical Infrastructure Protection. "Project Spotlight is a pioneering effort to gather critical quantitative data that will deliver an increased level of knowledge regarding security threats and effective countermeasures," said Sam Nunn, former Senator and recent co-chairman of the Advisory Committee to the President's Commission on Critical Infrastructure Protection. "The Project's commitment to furthering education in the information security arena will enable organizations to actively protect their enterprise systems through heightened awareness of security issues and proven risk management methods and solutions." Project Spotlight will involve a select group of Fortune 500 and Global 2000 companies. The Project
Spotlight team will install leading-edge security assessment and intrusion detection software and gather and analyse o t h e r w i s e u n d e t e c t e d security vulnerability and threat data. In-depth analysis and subsequent reports will provide insight into the vulnerability exposure and threat activity present in the information systems of Spotlight participants and will provide critical trends and conclusions based on this quantitative data to the industry-at-large. "One of the American Electronics Association's charters is to influence Public Policy," says AEA "We feel Project Spotlight and its' goal of educating both the public and private sectors on the current status of i n f o r m a t i o n security is e x t r e m e l y i m p o r t a n t . A d d i t i o n a l l y , for our m e m b e r c o m p a n i e s the information they will receive regarding their own information system security vulnerabilities and threats, will be invaluable." Specifically, Project Spotlight will provide participants with the following: Actual threat and vulnerability data by industry - this information will be evaluated to determine the potential impact to corporate information systems and networks Specific vulnerability data delivered in a timely fashion - enabling participants to implement corrective measures during the project A baseline vulnerability and threat database organized by industry - designed to measure internal improvement and perform external trend analysis; Qualitative and quantitative statistical analysis - a basis for prioritizing and building the business case for future security technology investments; to protect both the nation's infrastructure, as well as corporate America A comprehensive vulnerability and threat report comparing the participant's security posture with that of other corporations and other industries. For general information about Project Spotlight or f o r information on how to become involved in the programme, contact META Group at (800) 945-META or Client/Server Labs at (770) 552-3645 or visit the Project Spotlight web site at h t t p : / / w w w . i s s . n e t /spotlight
Computer Fraud & Security December 1998 1361-3723/98/$19.00 © 1998 Elsevier Science Ltd. All rights reserved
I
By generating the first quantitative data on information security threats and weaknesses, Project Spotlight will provide a critical baseline designed to become an industry standard for security practices. The Project will also present the specific processes and t e c h n o l o g y n e c e s s a r y for o n g o i n g i n f o r m a t i o n protection of the nation's infrastructure. Project Spotlight founders, who are leading-edge companies making unique contributions in the area of information security, include: Client/Server Labs, the premier enterprise-wide IT testing lab; Internet Security Systems (ISS), the leading provider of adaptive n e t w o r k security t e c h n o l o g y that automatically detects and responds to security risks; and META Group, a leading IT research and analysis services firm. Also participating in Project Spotlight is the law firm of King & Spalding represented by Senator Sam Nunn, a key advisor to the President's Committee on Critical Infrastructure Protection. "Project Spotlight is a pioneering effort to gather critical quantitative data that will deliver an increased level of knowledge regarding security threats and effective countermeasures," said Sam Nunn, former Senator and recent co-chairman of the Advisory Committee to the President's Commission on Critical Infrastructure Protection. "The Project's commitment to furthering education in the information security arena will enable organizations to actively protect their enterprise systems through heightened awareness of security issues and proven risk management methods and solutions." Project Spotlight will involve a select group of Fortune 500 and Global 2000 companies. The Project
Spotlight team will install leading-edge security assessment and intrusion detection software and gather and analyse o t h e r w i s e u n d e t e c t e d security vulnerability and threat data. In-depth analysis and subsequent reports will provide insight into the vulnerability exposure and threat activity present in the information systems of Spotlight participants and will provide critical trends and conclusions based on this quantitative data to the industry-at-large. "One of the American Electronics Association's charters is to influence Public Policy," says AEA "We feel Project Spotlight and its' goal of educating both the public and private sectors on the current status of i n f o r m a t i o n security is e x t r e m e l y i m p o r t a n t . A d d i t i o n a l l y , for our m e m b e r c o m p a n i e s the information they will receive regarding their own information system security vulnerabilities and threats, will be invaluable." Specifically, Project Spotlight will provide participants with the following: Actual threat and vulnerability data by industry - this information will be evaluated to determine the potential impact to corporate information systems and networks Specific vulnerability data delivered in a timely fashion - enabling participants to implement corrective measures during the project A baseline vulnerability and threat database organized by industry - designed to measure internal improvement and perform external trend analysis; Qualitative and quantitative statistical analysis - a basis for prioritizing and building the business case for future security technology investments; to protect both the nation's infrastructure, as well as corporate America A comprehensive vulnerability and threat report comparing the participant's security posture with that of other corporations and other industries. For general information about Project Spotlight or f o r information on how to become involved in the programme, contact META Group at (800) 945-META or Client/Server Labs at (770) 552-3645 or visit the Project Spotlight web site at h t t p : / / w w w . i s s . n e t /spotlight
Computer Fraud & Security December 1998 1361-3723/98/$19.00 © 1998 Elsevier Science Ltd. All rights reserved