PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
December 2003

The best information security policy decisions of 2003

Best Benchmarking Effort: Center for Internet Security Effective IT risk managers follow the 80/20 rule: They expend 20 percent of their resources addressing 80 percent of their risk. That's also the M.O. behind the Center for Internet Security's configuration benchmarks, consisting of techniques and scoring tools for hardening default installations of Windows NT/2000, Solaris, Linux, HP-UX, Cisco routers and Oracle databases. When implemented, the benchmarks reduce the number of out-of-the-box vulnerabilities in these systems by more than 80 percent, says CIS president and CEO Clint Kreitner. "There's a ton of low-hanging fruit that organizations can address simply by using the recommendations," he says. Best of all, the benchmarks -- developed through a global consensus process involving industry, government, academia and consultants -- are offered free to the Internet community at "It's hard to know what 'best practice' is, and it's not always easy to configure per best practice once you know what it is," ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue