Dubbed the Open Security Exchange, the organization lists as initial members identity card maker HID, smart card maker Gemplus, security firm Pinkerton Consulting and Investigations and security software company Software House, a subsidiary of Tyco Fire & Security. The companies and partner CA announced the group's launch at the RSA Conference 2003 here on Monday.
"There is a lot more talk about (physical and information security) being done than is being done in reality," said Joseph Grillo, president and CEO of ASSA ABLOY Identification Technology Group, which includes HID. "This demonstrates what can be done when you have people with different expertise get together. This group can help turn the talk to action."
The group will create best practices for information and physical security products and services, especially how such security should be integrated. In addition, the companies will release open technology specifications, but the group didn't describe what form the documents would take in any detail.
"We will continually add new best practices into the security exchange forum as our knowledge base grows," said Russell Artzt, executive vice president for CA's eTrust security products.
Artzt said he hoped other companies would join, and that the organization would look to quickly grow its membership.
"We will be asking (competitors such as) IBM, and it will be open to join," he said. "I believe many of the players will be joining; we will certainly have an open invitation to them."
As part of the announcement, CA took the wrapping off of two software components that, unsurprisingly, met the group's specifications: its Security Command Center management software and eTrust 20/20 security event-tracking software.
The computer software and services company also said its partner Pinkerton had adopted as standard CA's eTrust audit, security-policy management and intrusion detection software for its investigation and consulting services. The Islandia, N.Y.-based company will reciprocate by bringing Pinkerton into security engagements and by providing security services ranging from forensics to security architecture and planning.
"We are generally brought into a situation when there is an event and we have to work with our clients to find out what happened," said Nazzareno Paciotti, president of Pinkerton Consulting and Investigations, detailing where he thought such CA software would help.
U.S. Secret Service Special Agent Robert Rodriguez took part in the announcement to say he looked forward to working with the companies involved to aid in investigating cybercrimes.
In the past, companies haven't been very forthcoming, he said. In 1996, only 16 percent of companies reported computer-security incidents to law enforcement, according to a study conducted by the FBI and the Computer Security Institute. The situation has only improved somewhat, with 34 percent of companies reporting incidents in 2002, the study's latest numbers show.
"That's a problem," he said. "If someone hacks into your bank, and you don't report it, chances are that they will go across the street or to the next (Web) site over."