Every business can use benchmarking to improve on its security. Hopefully, most people are familiar with, which identifies missing security updates and common security misconfigurations on machines running Windows, but there are many more Microsoft diagnostic tools you can download for free. Within the, search for 'Analyzer tool,' and three should come up: There are 'Best Practices Analyzers' for Internet Security and Acceleration Server, Microsoft Exchange and SQL Server, all of which report configuration settings that do not conform to Microsoft's recommended best practices. Following the recommendations that these tools provide will also help the network to achieve greater performance, scalability, reliability and uptime. For those of you running a wider variety of operating systems and applications or who want a vendor-independent tool, then the free Center for Internet Security (CIS) are for you.
Benchmarking is a process that compares your business activities to similar companies' or to accepted best practices. The CIS Benchmark tools enable IT and security professionals to rapidly assess their own IT systems, and even in some cases, for compliance with the CIS minimum due-care security benchmark. These benchmarks are developed through a global consensus process, which pools the security knowledge and recommendations of IT security specialists from around the world, and the benchmarks are kept up to date as new vulnerabilities are discovered. Various reports offer guidance on how to harden new and active systems and applications. I would also recommend the CIS Configuration Audit Tool (CIS-CAT), which compares the configuration of IT systems to CIS Benchmarks and reports conformance scores on a scale of 0-100. This allows you to ensure the security status of your information systems conforms to the configuration specified in the benchmark and to monitor the effectiveness of internal security processes. The reports can then demonstrate to senior management how your system security measures up, as well as show compliance with an accepted security standard.
To begin, CIS provides a short video tutorial on, evaluate a Microsoft Windows system using the CIS Windows XP Benchmark and interpret the assessment results. There are 52 benchmarks altogether, including those for all the commonly used operating systems such as Microsoft, Linux, Unix, Mac OS and Solaris. Various browsers and databases are covered, and there are also benchmarks for VMware, Wireless Network Devices and Apple Inc.' Once you have hardened a system, you can use it to create a standard configuration image for hardening similar systems prior to deployment. This is a great time saver if you have to roll out several machines at once. CIS also provides its to make it easier to make cost-effective security investment decisions and investments. Again, this is a free resource.
There are 20 metric definitions for six business functions: incident management, vulnerability management, patch management, application security, configuration management and financial metrics. (Additional metrics are being defined for other business functions.) The metrics measure the frequency and severity of security incidents, incident recovery performance, and the use of security practices that are generally regarded as effective, allowing you to analyse your own IT security process and performance outcomes. The (ISF), an independent, non-profit organisation, offers its members a variety of tools, such as the for evaluating information security controls across an application, business unit or an entire organisation, with results displayed to reference against, the (COBIT) or the (PCI DSS). The ISF's Information Security Benchmark allows you to and compare your security status against that of other organisations, as well as ISO 27002 and COBIT. Although you need to be a member to download these particular tools, you can download their for free.
This guide provides a good place to start addressing your information security needs from a business perspective, as it provides a practical basis for assessing an organisation's information security arrangements, large or small. Every business can use benchmarking to improve on its security: The process questions what you are doing, identifies opportunities for improvement and often provides the momentum necessary for implementing change. At its simplest, it helps you to compare your security posture with best practice and control costs, while more sophisticated benchmarking looks at process design and business strategy. You and your network can benefit from this knowledge, expertise and experience for free, so don't waste the opportunity.

About the author: Michael Cobb CISSP-ISSAP, CLAS, is a renowned security author with more than 15 years of experience in the IT industry. He is the founder and managing director of Cobweb Applications, a consultancy that provides data security services delivering ISO 27001 solutions. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications.