Center for Internet Security and Configuresoft to Chair Virtual Machine Security Benchmark Group.Security and virtualization An umbrella term for enhancing a computer's ability to do work. Following are the ways virtualization is used. Hardware Virtualization Partitioning the computer's memory into separate and isolated "virtual machines" simulates multiple machines within one physical computer. experts will lead working group discussion at RSA Conference 2007 SAN FRANCISCO, Calif. -- Configuresoft, an innovator in systems management technology and the creator of enterprise Configuration Intelligence[TM], and the Center for Internet Security, Inc. (CIS Cis (sĭs), same as Kish (1.) (1) (CompuServe Information Service) See CompuServe. (2) (Card Information S ) are leading an effort to set a virtual machine security benchmark. On Thursday, February 8, 2007, Chris Farrow, director of the Center for Policy and Compliance, Configuresoft and John Banghart, director of Benchmark Services, Center for Internet Security, Inc., invite security and virtualization experts to attend their Peer2Peer session, "Launch of the CIS Virtual Machine Security Benchmark Working Group" at the RSA Conference in San Francisco. Although the basic principle behind virtualization is not new, careful attention must be paid to the potential of new security threats born out of the additional complexity produced by virtualization. To realize the cost savings promised through virtualization, organizations need to spend time better understanding risks and threats to ensure they can proactively remediate potential compromises to virtual machines. A virtual machine security benchmark will provide industry specific guidelines for security experts and auditors to assess and harden virtual resources, and ensure security and policy compliance is achieved.
WHO: John Banghart, director of Benchmark Services - Center for
Internet Security, Inc.
Chris Farrow, director of the Center for Policy and
Compliance - Configuresoft, Inc.
WHAT: CIS invites security and virtualization experts to join a
consensus working group to set a virtual machine security
benchmark
WHEN: Thursday, February 8, 2007
10:40 AM - 11:30 AM PST
WHERE: RSA Conference 2007
Peer2Peer, Room 303B
Moscone Center
747 Howard Street
San Francisco, California
Security and virtualization challenges are also outlined in an original podcast from Configuresoft at: http://www.configuresoft.com/News/podcasts.aspx, entitled Virtualization Does Have a Downside: New IT Enterprise Security Exposures and Operational Considerations. Configuresoft will be participating in RSA Conference 2007, located in Booth # 2219. About Chris Farrow With over 18 years of experience in systems engineering and security, Chris Farrow serves as the founder and director of the Center for Policy & Compliance, a research & advisory group created by Configuresoft to address the issues of managing security within strict metrics. An active industry spokesman on the topics of compliance, security management and remediation strategies, Farrow co-founded the PCI (1) (Payment Card Industry) See PCI DSS. (2) (Peripheral Component Interconnect) The most widely used I/O bus (peripheral bus). Security Vendor Alliance and was the driving force to launch the CIS benchmark on virtual machine security. Farrow has publicly spoken at numerous conferences including Blackhat, SANS, Gartner IT-Expo, InfoSec, ISSA (Information Systems Security Association, Bellingham, WA, www.issa.org) A membership organization that promotes effective management practices for computer security. Founded in 1982, ISSA has chapters in more than 20 countries and hosts an annual conference. and ISACA (Information Systems Audit and Control Association, Rolling Meadows, IL, www.isaca.org) A membership association dedicated to information systems auditing and security. Founded as the EDP Auditors Association in 1969, ISACA provides certification in auditing and security (see CISA and CISM). . About Configuresoft Configuresoft is an innovator in systems management technology, delivering the enterprise Configuration Intelligence[TM] to effectively and efficiently manage today's heterogeneous computing infrastructures. Spanning both security and operations, the Company's configuration management, compliance and remediation products are used by 12 of the world's 25 largest companies to keep their critical systems properly configured, while ensuring compliance with regulatory requirements such as Sarbanes-Oxley, FISMA FISMA Federal Information Security Management Act of 2002 FISMA Federal Information System Management Act , GLBA GLBA Gramm-Leach-Bliley Act of 1999 (Financial Modernization Act of 1999) GLBA Gay and Lesbian Business Association GLBA Great Lakes Booksellers Association GLBA Glacier Bay National Park and Preserve , Basel II, HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, and DISA 1. (body) DISA - Defense Information Systems Agency. 2. (standard) DISA - Data Interchange Standards Association. , and industry standards such as ISO (1) See ISO speed. (2) (International Organization for Standardization, Geneva, Switzerland, www.iso.ch) An organization that sets international standards, founded in 1946. The U.S. member body is ANSI. 27001, PCI DSS and Microsoft Security Hardening Guides. To contact Configuresoft, please call (888) U-CONFIG or visit www.configuresoft.com. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion