While the government lumbers along with a muddled potpourri of public and semipublic centers and councils to fight cybercrime, a handful of private organizations offer an alternative.
IDefense, in Fairfax, Va., was launched in 1998 the year the White House revamped the federal infrastructure protection system. "We exist because of the need for a better system [than the government] to track computer crime," said Brian Kelly, CEO of iDefense.
The company offers intelligence and risk management services to a client base of 50 companies, and even some federal agencies. The services cost $5,000 per year.
One newcomer is the Internet Security Alliance, a collaboration among the Electronic Industries Alliance, Carnegie Mellon Universitys Software Engineering Institute and the universitys Computer Emergency Response Team Coordination Center that was started six months ago. The ISA offers security assessment services, warnings and standards-setting initiatives. Annual membership fees range from $2,500 to $50,000, based on company revenue.
The Center for Internet Security is dedicated to creating best-practice benchmarks and scoring tools to help companies improve their network security systems. "If we could get everyone to use our tools, the Net would be a hugely safer place," said Clint Kreitner, the CIS president. Annual membership ranges from $250 to $25,000, depending on company size.
While some private security organizations keep their members anonymous, the International Information Integrity Institute fully identifies its members and encourages the free flow of information among them. "Were built on the trust that develops between members," said John Thurlow, director of I-4.
I-4 focuses the energy of its 60-plus members on emerging security threats and holds three conferences per year. Information is not disseminated beyond the group. First-time member fee is $29,000. Renewal costs $25,000 per year.
By far, the largest security education organization is the System Administration Networking and Security Institute, which boasts 96,000 participants. SANS runs a heavy schedule of conferences and workshops on information security, and covers its costs through event fees.
The longest-standing private security group is the Computer Security Institute, established in 1974. The group offers intrusion detection resources, virus alerts and a national computer crime survey, and runs two conferences per year. Its annual membership fee is $197.