Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Self-Assessment Tool Available For Meeting The Jericho Forum Good Security Design Principles

Jericho Forum : 16 March, 2010  (New Product)
Available to integrators and the end user community, the free-to-download Jericho Forum Self-Assessment Scheme enables users to assess their IT security effectiveness against the 11 principles set down by the Forum
Jericho Forum has announced the Jericho Forum Self-Assessment Scheme (SAS), a new tool that will allow vendors and their customers to check the effectiveness of an IT security product in meeting their requirements and ensure secure implementation and deployment. The scheme provides security vendors with a high-value, free-of-charge tool to assess how well a solution satisfies the requirements mandated in the Jericho Forum Commandments - the eleven principles of good security design established by the forum in 2006. The Jericho Forum Self-Assessment Scheme is available immediately and can be downloaded free of charge.

The Jericho Forum SAS is designed to raise the bar for the entire security industry by asking the probing questions that reveal whether a security product or solution meets an organisation's requirements. It will be valuable to:

1. Security vendors wishing to self-assess their products and architectures and demonstrate their effectiveness as a market differentiator.

2. User organisations looking to compare IT security products and also incorporate their key SAS requirements into their requests for procurement (RFPs).

3. User organisations wishing to self-assess the security of their system implementations and architectures as well as their readiness for cloud computing.

4. IT systems architects and designers looking to validate the security of their architecture designs.

The ultimate goal of the Self-Assessment Scheme is to influence IT product innovation and market forces to be security-driven instead of purely feature-driven.

"I've previously referenced the Jericho Commandments as a framework for envisioning how information security defences must shift in the modern era," said Dan Blum, Senior Vice President & Principal Analyst at Burton Group/Gartner. "Cloud computing is the latest manifestation of IT externalisation and de-perimeterisation trends that motivate the Jericho Commandments. The Jericho Self-Assessment Scheme being announced will help vendors and customers give themselves an architecture checkup, and it is therefore a useful way to measure cloud-readiness."

"The eleven Jericho Forum Commandments are adopted by many IT architects and designers throughout the industry as valuable benchmarks for measuring design concepts and solutions, while a number of end-user organisations are known to include them as part of their RFPs," said Paul Simmonds, Jericho Forum board member. "This new Self Assessment programme extends to all security vendors and customer organisations the benefits of clear measurement criteria with the goal of establishing a more secure marketplace where products are inherently secure right out of the box. This is an open invitation to the IT industry to improve security design standards."

A video news release of Paul Simmonds presenting the Jericho Forum Self Assessment scheme with a Q and A is being issued today on the Jericho Forum channel on YouTube. It is also available to interested online media for use on their site.

The Jericho Forum expects that IT security vendors will welcome being able to use this tool as it enables product differentiation and drives further innovation through an objective, independent, low-cost assessment that is unlike many other more formal and costly accreditation processes. While many vendors may keep their initial self-assessment summary scores private, they can revisit the SAS to validate and distinguish their accomplishments as their product security improves over time.

"As more and more applications move into the cloud, assessing the level of security computing vendors really provide is a major effort. The self assessment questionnaire devised by the Jericho Forum provides a comprehensive and straightforward mechanism to start such a process as it could for example be easily made part of the RFP process." said Philippe Courtot, Qualys CEO and Jericho Forum board member. "Such an initiative will definitively help improve the necessary transparency Cloud Computing vendors must deliver."

The scheme applies the Jericho Forum Commandments by asking a series of pointed questions that are geared to exposing a product's security flaws or loopholes. It enables vendors to differentiate their products, based on a three-tiered scoring process that assesses how well their product or solution satisfies the requirements implicit in each commandment. Vendors may choose to promote that they have 'Self-Assessed' their product by displaying the Jericho Forum's 'Self-Assessed' logo on their Web site and marketing materials to indicate their openness to talk about their results with current and prospective clients. The self-policing aspect of the scheme relies on the honesty of the submitters and the knowledge that their reputation will be damaged if their scorecard is exposed as including false claims.

"The need for collaboration has never been greater and yet the myriad of business models and vendor offerings available to address the continuously changing threat landscape makes finding and maintaining the most appropriate Risk Management solution to support this need highly challenging." said Matthew Moynahan, CEO of Veracode. "The Jericho Forum Self Assessment tool will prove to be equally valuable to both vendors and users not only during the purchasing process but also for on-going measurement. Veracode applauds the Jericho Forum for providing a compelling framework for evaluating and selecting security products and helping end users and vendors get beyond marketing messages to the core capabilities required to solve a very significant enterprise problem."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo