CIO Council launches security best practices Web site

CIO Council launches security best practices Web site

MAY 23'The Chief Information Officers Council on Monday introduced a Web site that will contain a database of security best practices documents.

The Web site, at, allows agencies to post security best practices and lets others comment on those practices.

The site has been developed by the CIO Council's Security, Privacy and Critical Infrastructure Protection Committee and by the Agency for International Development.

Hackers are organized into a collaborative community in that they share ideas, and hardware and software weaknesses, said James P. Craft, AID's information systems security officer and chairman of the CIO Council's security practices subcommittee. The goal of the best practices Web site is to bring that same collaborative effort to government security efforts, he said.

The site is part of a CIO Council effort to publicize its security work, said Energy Department CIO John Gilligan. In addition to the best practices site, the council is designing an evaluation tool so agencies can assess their security status.

The project started after Rep. Steve Horn (R-Calif.) suggested grading agencies on their security efforts, similar to the grading that was conducted as agencies made their year 2000 preparations. Gilligan said the goal is to create an evaluation tool so agencies will know how they are being judged. It will also let agencies conduct their own assessment.

The framework will be issued in June, he said.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.