Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Sunday, March 28, 2010

10 Jericho Forum (security) commandments

Jericho Forum Offers Free Security Product Assessment Tool  
'Nasty questions' to ask your security vendors
Mar 17, 2010 By Kelly Jackson Higgins
DarkReading
International cloud security group Jericho Forum has created a free self-assessment tool for security vendors and buyers to determine the security of their products -- namely in cloud-based environments.
The Jericho Forum's Self-Assessment Scheme is for security vendors that want to check whether their products are cloud-ready, and for prospective buyers who want to vet those products. The tool is based on the forum's 11 commandments for security, which are basically a checklist that can be used in RFPs. It asks direct questions intended to expose security flaws or potential loopholes in products, and includes a scoring process.
Vendors will be able to add a Jericho Forum "Self-Assessed" logo on their Websites, according to the Forum.
Bob West, founder and CEO of EchelonOne and a Jericho Forum board member, says he envisions the tool as an overall scorecard. "I see this as being part of a requirements document or checklist," West says. "It's looking at a particular technology and incorporating it into a broader context."
Given the self-policing nature of the tool, it relies on the honor system: "We can't make an assumption that it's 100 percent accurate," he says. "There's still an additional amount of due diligence that needs to be done [by the buyer]. But at least you know the vendor has been thinking about this."
West says the tool is "actionable" information that buyers can use and basically puts the Jericho Forum's commandments to work. While it's an ideal fit for prospective cloud computing buyers, it can also be used for the corporate enterprise environment, he says.
The tool can be downloaded here (PDF).

No comments: