Gartner, ICSA check security risks

Gartner Group and the International Computer Security Association will unveil a new security service tomorrow that gives customers an in-depth analysis of their Internet security risks, including both business practices and technical aspects.

The Internet Security Exposure Analysis Service from Gartner Measurement is designed for executives in large companies that may not understand online security details but fear the havoc and PR disasters created by break-ins to Web sites or corporate networks.

In April, Gartner took a 19.9 percent equity stake in ICSA, a for-profit company.

"The objective is to provide a one-time snapshot of what areas are vulnerable to exploitation by would-be hackers," said ICSA's George Japak, director of program management.

The service uses elements of ICSA's TruSecure security assessment service and Gartner's Technology, Organization and Process (TOP) model, which evaluates questionnaires from customers to identify business practices, transactions, and procedures that put sensitive corporate information at risk.

Some parts of the service are similar to capabilities of security scanning software from vendors such as Internet Security Systems, but it works with an outside authority for the evaluation rather than with an in-house department that may have established the security system being tested.

In the end, Gartner creates a report and with ICSA makes a presentation to management.

The service is priced at $25,000 for a network with up to 500 IP addresses and an unlimited number of devices.