Commonly Accepted Security Practices and Recommendations

The CASPR Project

CASPR stands for Commonly Accepted Security Practices & Recommendations.  Our goal is to distill the knowledge of the world’s Information Security experts into a series of papers that are freely available on the Internet to everyone. Using the OpenSource movement as a guide, the papers will be developed and released under the GNU Free Document License to make sure that they and any derivates remain freely available.

Our papers are vendor-neutral.  That is, we do not espouse the use of any particular product or service, but instead provide advice in our papers about how to use technologies, products, and methodologies to secure the IT environment.  We use the phrase “commonly accepted” in our project’s name because after our papers have been written, they are vetted by a community of experts to ensure that the advice is sound, valid, and agreed upon.

There are many “best practices” papers already available, and we are not attempting to reinvent the wheel.  Instead, we sometimes use existing “best” practices as a starting point for our work, but we provide real, proven advice on what works, what doesn’t, what the issues are, and what the tradeoffs are with the approaches we are documenting.  Our goal is to tell our audience WHAT TO DO in the real world.  That audience might be other information security practitioners, it might be management, it might be users.  But when that audience reads our paper, we want them to know what our experts have done that works.

Creating Papers

Anyone who has expertise in an aspect of information security may produce a CASPR paper.  Participating in CASPR doesn’t require expert writing skills (although it helps to have those!)  Once a paper is drafted, we have editors available to help with producing a well-organized, well-written document.  After each paper is edited, it is then evaluated by other members of the CASPR project, and is updated to reflect the results of the evaluation.  Finally, before “world-wide” publication on the Internet, the paper is vetted by members of the CISSP forum and other information security experts.  The papers are then published on our web site.

Interested in joining?

We need your help! We believe that this project is one of the most exciting to hit the Internet in a long time. The benefits of taking the OpenSource model and applying it to documentation are numerous. First, by releasing the papers under the GNU Free Document License (GFDL), we guarantee that our knowledge remains open and available to everyone. Second, no organization could afford to hire all of the experts that we have working on the project. Even if they could hire them, they would have to charge outrageous prices for access to the papers. Third, there is no profit motive to influence the results of our work. The benefits to those that contribute are numerous. You will enjoy the personal benefit of having their names associated as experts in each document they help create, and global benefit of knowing that you have helped increase the security of the Internet as a whole by sharing your expertise with the world. Join us! It is as simple as filling out a form.

Visitors since 9/30/2002

© 2003 CASPR Working Group