Jericho Forum® Launches New Self-Assessment Tool for Evaluating Effectiveness of IT Security Products

End Users and Vendors to Benefit from Practical Evaluation of Secure Design based on Jericho Forum Commandments

SAN FRANCISCO and LONDON, March 15 /PRNewswire/ -- Jericho Forum, the leading international IT security thought-leadership association, today announced the Jericho Forum Self-Assessment Scheme (SAS), a new tool that will allow vendors and their customers to check the effectiveness of an IT security product in meeting their needs, particularly as more organizations adopt cloud computing. The scheme provides security vendors with a high-value, free-of-charge tool to assess how well a solution satisfies the requirements mandated in the Jericho Forum Commandments - the eleven principles of good security design established by the forum in 2006. The Jericho Forum Self-Assessment Scheme is available immediately and can be downloaded free of charge here: http://www.jerichoforum.org/SAS_Guide.pdf.

The Jericho Forum SAS is designed to raise the bar for the entire security industry by asking the probing questions that reveal if a security product or solution meets an organization's requirements. It will be valuable to:

  1. Security vendors wishing to self-assess their products and architectures and demonstrate their effectiveness as a market differentiator
  2. User organizations looking to compare IT security products and also incorporate their key SAS requirements into their requests for procurement (RFPs)
  3. User organizations wishing to self-assess the security of their system implementations and architectures as well as their readiness for cloud computing
  4. IT systems architects and designers looking to validate the security of their architecture designs

The ultimate goal of the Self-Assessment Scheme is to influence IT product innovation and market forces to be security-driven instead of purely feature-driven.

"I've previously referenced the Jericho Commandments as a framework for envisioning how information security defenses must shift in the modern era," said Dan Blum, senior vice president and principal analyst at Burton Group/Gartner. "Cloud computing is the latest manifestation of IT externalization and de-perimeterization trends that motivate the Jericho Commandments. The Jericho Self-Assessment Scheme being announced will help vendors and customers give themselves an architecture checkup, and it is therefore a useful way to measure cloud-readiness."

"The eleven Jericho Forum Commandments are adopted by many IT architects and designers throughout the industry as valuable benchmarks for measuring design concepts and solutions, while a number of end-user organizations are known to include them as part of their RFPs," said Paul Simmonds, Jericho Forum board member. "This new Self Assessment program extends to all security vendors and customer organizations the benefits of clear measurement criteria with the goal of establishing a more secure marketplace where products are inherently secure right out of the box. This is an open invitation to the IT industry to improve security design standards."

The scheme applies the Jericho Forum Commandments by asking a series of pointed questions that are geared to exposing a product's security flaws or loopholes. It enables vendors to differentiate their products, based on a three-tiered scoring process that assesses how well their product or solution satisfies the requirements implicit in each commandment. Vendors may choose to promote that they have "Self-Assessed" their product by displaying the Jericho Forum's "Self-Assessed" logo on their Web site and marketing materials to indicate their openness to talk about their results with current and prospective clients. The self-policing aspect of the scheme relies on the honesty of the submitters and the knowledge that their reputation will be damaged if their scorecard is exposed as including false claims.

"As more and more applications move into the cloud, assessing the level of security cloud computing vendors really provide is a major effort. The self-assessment questionnaire devised by the Jericho Forum provides a comprehensive and straightforward mechanism to start such a process as it could for example be easily made part of the RFP process," said Philippe Courtot, CEO of Qualys and Jericho Forum board member. "Such an initiative will definitively help improve the necessary transparency cloud computing vendors must provide."

The Jericho Forum expects that IT security vendors will welcome being able to use this tool as it enables product differentiation and drives further innovation through an objective, independent, low-cost assessment that is unlike many other more formal and costly accreditation processes. While many vendors may keep their initial self-assessment summary scores private, they can revisit the SAS to validate and distinguish their accomplishments as their product security improves over time.

"The need for collaboration has never been greater and yet the myriad of business models and vendor offerings available to address the continuously changing threat landscape makes finding and maintaining the most appropriate risk management solution to support this need highly challenging," said Matthew Moynahan, CEO of Veracode, Inc. "The Jericho Forum Self-Assessment tool will prove to be equally valuable to both vendors and users not only during the purchasing process but also for on-going measurement. Veracode applauds the Jericho Forum for providing a compelling framework for evaluating and selecting security products and helping end users and vendors get beyond marketing messages to the core capabilities required to solve a very significant enterprise problem."

About Jericho Forum

The Jericho Forum is an international group of organizations working together to define and promote the solutions surrounding the issue of de-perimeterisation and secure collaboration within cloud computing enterprise environments. The Jericho Forum recognizes that over the next few years, as technology and business continue to align more closely with an open, Internet-driven world, the border-centric security mechanisms that currently protect business information will not match the increasing demands for protection of business transactions, collaborative working and shared data.

For more information please visit: http://www.jerichoforum.org or http://www.wikipedia.org/wiki/Jericho_Forum

SOURCE Jericho Forum

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.