Tip

Leading information security associations

In the column Best practices: Getting the most out of industry association memberships, author Al Berg offers six key practices for achieving ROI from information security

    Requires Free Membership to View

association memberships. Here is a list of some of the better known industry associations and their characteristics.


Information Sharing and Analysis Centers
The idea behind an ISAC is to provide members with information on risks, vulnerabilities and threats specific to their businesses. Typically, the ISAC serves as a clearinghouse, publishing bulletins based on analysis of information from the press, government, and most importantly, reports of incidents from its members. The ISAC Council (www.isaccouncil.org) is a group of ISACs related to critical infrastructures such as Finance, Telecom, Information Technology, Energy, Transport and Water supply.

Information Security Forum
This organization is headquartered in London and is focused on large organizations. The ISF publishes a large number of reports and guides on topics ranging from security policies to risk assessment to configuration of systems such as Windows and Unix. To get a flavor of their publications, you can download their "Standard of Good Practice" document for free from www.isfsecuritystandard.com. The ISF sponsors an annual Congress of its members. Information on the ISF is available at www.securityforum.org.

The Center for Internet Security
The Center for Internet Security (www.cisecurity.org) is focused on the production of benchmarks and measurement tools to allow organizations to better secure their systems. Available for download from the CIS Web site, these guides provide step by step instructions on security settings for Windows, Unix, Oracle, routers and more. Membership allows an organization to use these tools and benchmarks in commercial activity.

The Internet Security Alliance
The Internet Security Alliance (www.isalliance.org) is a collaborative effort between the CERT Coordination Center at Carnegie Mellon University and the Electronic Industries Alliance (EIA). Members of the ISA receive early access to CERT warnings as well as publications providing analysis of current threats, vulnerabilities and best practices, and the opportunity to participate in subcommittees dealing with topics such as government relations and security standards.

Forum of Incident Response and Security Teams
FIRST, the Forum of Incident Response and Security Teams (www.first.org), focuses on bringing together information security incident response teams to share best practices, experiences and information. FIRST sponsors meetings and conferences, technical colloquia, mailing lists and Web repositories where teams can share information as well as other resources. FIRST membership requires nomination by an existing member as well as a site visit. The FIRST Web site is unique in that it very clearly spells out what is expected of member organizations and individuals.


This was first published in July 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.