Computer Associates forms security standards group

Computer Associates has thrown its hat into the ring of organisations that are advocating security open standards and best practices.

At the RSA conference in San Francisco yesterday, CA unveiled the Open Security Exchange (OSE), a collaborative group advocating best practices and supplier-neutral specifications for integrating physical and IT security policies for enterprises.

Calling security "a major problem" for companies because it involves physical and network access, Russell Artzt, vice-president of the eTrust security brand at CA, said it was important for organisations to be able to understand security management.

The OSE will be an open forum for facilitating collaboration across industries and provide customers with a unified view of security management best practices, Artzt said.

Joining CA as founding members of the OSE are Pinkerton Consulting & Investigations (part of Securitas), Tyco International, ASSA ABLOY, secure card maker Gemplus International and the Electronic Crimes Task Force, which is part of the US Secret Service.

CA also made two announcements tied to OSE standards:

  • The company will offer a security management command centre that brings together security policies from different IT and physical security systems.
  • CA formed an alliance with Pinkerton to tie Pinkerton's corporate security services to CA's eTrust enterprise security management technology.

The new standards will be freely available from a new website set up for the OSE.

In addition, CA intends to formalise the new standards and best practices by working with other standards organisations such as the Organisation for the Advancement of Structured Information Standards.

CA has not decided which groups it will work with, nor has a timeline been set for submitting OSE standards to any other standards groups to consider, said Artzt.

The absence of other major IT companies besides CA has raised concerns that the new group is more of a CA partnership programme than a true independent industry organisation.

Artzt said that while not present at the group's inception, other software companies would be involved in the OSE for development as well as planning.

Key CA competitors in the security space such as IBM had an "open invitation" to join, he said.
