The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

CERIAS announces the beta launch of Elisa

Tue, July 08, 2003General

CERIAS announces the beta launch of a new service for managing vulnerabilities and patches.  Elisa (Enterprise-Level Information Security and Assurance) is free and is starting beta testing at:
https://cirdb.cerias.purdue.edu/elisa_beta

The site is expected to conclude beta testing and be fully operational (at a different url) at the beginning of August.

Elisa is the adaptation of the Cassandra service to support NIST’s recommendation on managing patches and vulnerabilities (800-40, available at http://csrc.nist.gov/publications/nistpubs/800-40/sp800-40.pdf).  Patch and Vulnerability Groups may create domains of confidentiality with standard
profiles, and make those accessible to selected system administrators (SA). SAs can create child profiles that inherit the applications in the PVG profiles, or create new independent ones.  PVGs can validate and suggest patches, and SAs can then report the application of patches, so that the
patching state of the enterprise can be monitored and controlled systematically.  System administrators can also be independent, creating a functionality identical to Cassandra’s.  However, Elisa doesn’t yet support Secunia advisories, like Cassandra now does, but will before its final launch in August. 

If you would like more information on Elisa or Cassandra, contact:

Pascal Meunier, Ph.D., M.Sc., CISSP
Assistant Research Scientist
Purdue University CERIAS
Recitation Building
656 Oval Drive
West Lafayette, IN 47907-2039

Get Your Degree with CERIAS