Trisha Shetty (Editor)

Center for Internet Security

Founder: William F. Pelgrin

Coordinates: 42°36′44″N 73°41′58″W

Founded: October 2000

Legal status: Active

Members: Roughly 180

Location: East Greenbush, New York

Key people: Board of Directors Executive Committee

Type of business: 501(c)(3) not-for-profit organization

The Center for Internet Security (CIS) is a 501(c)(3) not-for-profit organization founded in October, 2000, whose mission is to "enhance the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration." The company is located in East Greenbush, New York and is led by its President and CEO, William F. Pelgrin. It is composed of roughly 180 members from 17 different countries. CIS strives to improve global internet security by creating and fostering a trustable and secure environment to bridge the public and private sectors. In addition, at the national and international level, CIS plays an important role in forming security policies and decisions. CIS has four divisions: the Central Intelligence Center, the Multi-State Information Sharing and Analysis Center (MS-ISAC), Security Benchmarks, and the Trusted Purchasing Alliance. Through these four divisions, the Center for Internet Security works with a wide range of entities, including those in academia, the government, and both the private sector and general public to increase their online security by providing them with products and services that improve security efficiency and effectiveness.

Integrated Intelligence Center

The goal of the Integrated Intelligence Center (IIC) is to aid in the sharing of intelligence products and information between government and private sector entities. State, local, tribal, and territorial (SLTT) government partners use the IIC as a resource to report and collaborate with each other on cybersecurity issues in as timely a manner as possible. In order for the US Department of Homeland Security and the IIC to collect, analyze, and "ensure actionable information" with their SLTT partners, they offer fusion centers, homeland security advisors, and law enforcement entities equipped with cybersecurity products to the companies they work with. In order to protect the online safety of these organizations, the IIC facilitates secure, "two-way sharing of information between and among similarly situated partners". This sharing is pertinent to this industry because the industry is so heavily based on collaboration at all levels.

In addition to two-way sharing, the IIC provides its clients many other resources. Intelligence sharing allows SLTT governments to notify each other of cyber security "threats, trends, and problems" that they experience. Subject matter experts analyze cyber trends and intelligence in order to assist SLTT governments in both on-going ventures and "one-time events and assessments". Given by expert lecturers, monthly training sessions on evading cyber crime are provided to "fusion center analysts and other interested partners". Through these resources, the Integrated Intelligence Center aims to improve both the safety and awareness of cyber issues, as well as prepare its clients to quickly respond to and resolve cyber threats.

Multi-State Information Sharing and Analysis Center

The Multi-State Information Sharing and Analysis Center is designated by the U.S. Department of Homeland Security as a key cyber security resource for the nation’s state, local, territorial, and tribal (SLTT) governments. The MS-ISAC 24x7 cyber security operations center provides modern network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.

According to www.cisecurity.org, the main objectives of MS-ISAC include:

  • provide two-way sharing of information and early warnings on cyber security threats
  • provide a process for gathering and disseminating information on cyber security incidents
  • promote awareness of the interdependencies between cyber and physical critical infrastructure as well as between and among the different sectors
  • coordinate training and awareness
  • ensure that all necessary parties are vested partners in this effort

The MS-ISAC has been growing since 2003. It started off as a small group of participating states in the Northeast; however, it now plays a national role and works with the U.S. Government and the Department of Homeland Security as the Information Sharing and Analysis Center for SLTT governments. The growth of this center reached a vital point in its development at which changing its overall structure was deemed necessary. It needed to be transformed into an organization with a more central, “dedicated focus”, not just confined to one governmental group, but able to solve the widespread problems faced by all SLTT government entities. Further, this change would better represent MS-ISAC’s new and larger breadth and roles in global internet security. In 2010, MS-ISAC further advanced its development when the United States Government and the Department of Homeland Security acquired not-for-profit status through the Center for Internet Security. This provided MS-ISAC with the means to keep up with both its own needs and those of the SLTT governments and also to support and advance the national internet security mission of the Department of Homeland Security.

Security Benchmarks

The Security Benchmarks Division provides global standards for internet security. Through consensus, the CIS Security Benchmarks division provides frameworks to help organizations bolster their security. According to www.CISecurity.org, resources include "secure configuration benchmarks, automated configuration assessment tools and content, security metrics and security software product certifications."

Overview

The division's primary goal is for the widespread use of its benchmarks to increase and improve global internet security. CIS provides these benchmarks and other useful internet security tools free to everyone at its website, www.CISecurity.org, which makes CIS very cost effective. The benchmarks and the other tools CIS provides at no cost allow IT workers to create reports that compare their system security to a universal consensus standard. This fosters a new structure for internet security in which accountability is shared by top executives, technology professionals and other internet users throughout the globe. Further, CIS provides internet security tools with a scoring feature that rates the security of the system at hand. This encourages and motivates users to improve the scores given by the software, which bolsters the security of their internet and systems. The universal consensus standard that CIS employs is beneficial and powerful in that it draws upon the accumulated knowledge of skillful technology professionals. Since internet security professionals volunteer in contributing to this consensus, this reduces costs for CIS and makes it cost effective.

To develop and structure its benchmarks, CIS uses a strategy in which members of the organization first form into teams. These teams then each collect suggestions, advice, official work and recommendations from a few participating organizations. Then, the teams analyze their data and information to determine which configuration settings are most vital, that is, which would improve internet system security the most in as many work settings as possible. Each member of a team constantly works with their teammates and critically analyzes and critiques a rough draft until a consensus forms among the team. Before the benchmark is released to the general public, it is made available for download and testing among a widespread, yet selective group of people. After reviewing all of the feedback from testing and making any necessary adjustments or changes, the final benchmark and other relevant security tools are made available to the public for download through the CIS website. This process is so extensive and so carefully executed that sometimes even thousands of security professionals throughout the globe participate in it. According to www.isaca.org, "during the development of the CIS benchmark for Sun Microsystems Solaris, more than 2,500 users downloaded the benchmark and monitoring tools."

Mission

The mission of the Security Benchmarks division is to use practice standards to improve the level of security and privacy on the Internet, and to establish the integrity of the public and private spheres of Internet-based functions and transactions on which society heavily relies.

The Security Benchmarks division is a collaboration of the Consensus Community and Security Benchmarks members. The Consensus Community is made up of experts in the field of IT security who use their knowledge and experience to help the global Internet community. Security Benchmarks members are made up of several different types of companies ranging in size, including government agencies, colleges and universities, nonprofits, IT auditors and consultants, security software vendors and other organizations. The collaborative efforts of the Consensus Community and Security Benchmarks members are essential to the CIS Security Benchmarks' success.

Resources

The CIS Security Benchmarks Division develops and distributes Security Configuration Benchmarks, Security Metrics, and the CIS-CAT Benchmark Assessment Tool. According to www.cisecurity.org, "Security Configuration Benchmarks describe consensus best practices for the secure configuration of target systems and are developed via extensive collaboration with our volunteer consensus community." CIS Benchmarks are accepted as the worldwide standard for IT security technical controls and can be downloaded for free in PDF format. According to www.cisecurity.org, "Security Metrics offer enterprise IT and security teams insight into their own security process outcomes and are developed via extensive collaboration with our volunteer consensus community." These metrics, which include the CIS Quick Start Guide for Consensus Security Metrics, can be downloaded for free by the public. According to www.cisecurity.org, "The CIS-CAT Benchmark Assessment Tool provides IT and security professionals with a fast, detailed assessment of target systems' conformance with CIS Benchmarks." The CIS-CAT is an important tool used by enterprises to analyze and monitor the security of information systems and the effectiveness of security controls and processes. The CIS-CAT is only available to CIS Security Benchmarks members.

Trusted Purchasing Alliance

"The mission of the Trusted Purchasing Alliance (TPA) is to serve state, local, territorial and tribal governments and related not-for-profit entities in achieving a greater cyber security posture through trusted expert guidance and cost-effective procurement." The intent of the TPA is to combine the purchasing power of governmental and nonprofit sectors to help participants improve their cyber security condition at a lower cost than they would have been able to attain on their own. In order to bring its partners cost-effective services, the TPA works with the private and public sectors. It assists with the "time intensive, costly, complex, and daunting" task of maintaining cyber security. The combined purchasing opportunities are reviewed by domain experts.

There are three main objectives of the Trusted Purchasing Alliance. The first is to contribute a trusted environment to improve the condition of the cyber security of the previously mentioned entities. The second is to help lower the cost of cyber security needs. The third is to work with companies to bring services and security products to their partners.

Participating organizations

The primary reason organizations throughout the world join the Center for Internet Security is that they realize the importance of CIS and its missions and goals, and so they strive to support it. By paying yearly membership fees to CIS, organizations understand and are happy that they are increasing global internet security for everyone. Further, by joining, they can take part in the creation of benchmarks.

The founding organizations and partners of the Center for Internet Security include the following: ISACA®, The American Institute of Certified Public Accountants (AICPA), The Institute of Internal Auditors (IIA), The International Information Systems Security Certification Consortium (ISC2) and The SANS Institute (System Administration, Networking and Security). These organizations all helped form CIS in October, 2000. CIS has come a long way and now has roughly 180 members from a total of 17 different countries. CIS cooperates and works with a variety of organizations and members at both the national and international levels. These include organizations in both the public and private sectors, government, ISACs and even law enforcement.
