Secure IT Foundation

Standard

The Secure Computer Standard is a document published by the Secure IT Foundation to give computer manufacturers and computer sellers guidance on the steps they should be taking to provide a computer that is ‘secure out the box’.

Secure Computer Standard v 2.0 2011 – published on 19 January 2011

The latest update and all older versions can be found on the documents page.

The Standard itself has been developed out of the many years of computer security experience from the Secure IT Foundation volunteers, combined with multiple sources of enterprise and government security guides and standards e.g. NIST, Information Security Forum, CESG, Microsoft, SUN, IBM, HP, APACS, FBI etc.

Computer Security Rating scheme

To accompany the Standard, we have developed a sample computer security rating scheme so that consumers are able to choose wisely when they buy a new computer.

For large companies there are legal and regulatory standards to be met, which the IT security industry supports. Payment data, PIN codes, passwords, medical data and personal data must all be secured to a standard, but the ordinary user has no simple computer standards to apply. Instead of the extensive manuals documenting what must be done to make a computer secure, as used by big organisations, the ordinary home user gets basic or poor information scattered about the Internet, mostly in an alien language.

This has been likened to a new car purchaser being given a box of parts and told to put them together to make his new car secure and safe. What the Secure IT Foundation has identified is the need for consumers to be empowered to make a choice based on a security rating. Home computer users can use the Internet to see what safety rating their car has without understanding the crash testing process, but the same people are expected to be experts in computer security.

Our suggested computer security rating scheme is based on a five level security model:

Would you buy a computer if you knew it had the lowest rating when there was a similar box with a higher security rating for the same price? That is the goal of the Secure IT Foundation: to give everyone the opportunity to make an informed choice when they buy their next computer. Buying a computer is a complex purchase that can have major consequences for people’s lives on the Internet and in real life; security should not be part of the complexity.
