Computer Associates International Inc. (CA) has thrown its hat into the ring of companies and industry organizations that are advocating security open standards and best practices.

The company has unveiled the Open Security Exchange, a collaborative group advocating best practices and vendor-neutral specifications for integrating physical and IT security policies for enterprises.

Calling security "a major problem" for companies that involves both physical and network access, Russell Artzt, vice president of the eTrust Security Brand at CA, said that it was important for organizations to be able to understand security management.

The Open Security Exchange (OSE) will be an open forum for facilitating collaboration across industries and provide customers with a unified view of security management best practices, according to Artzt.

Joining Artzt on stage at RSA were representatives of five companies from the public and private security communities that are joining CA as founding members of the OSE, including Pinkerton Consulting & Investigations, part of Securitas AB, Tyco International Ltd., ASSA ABLOY AB, secure card maker Gemplus International SA and a special agent in the Electronic Crimes Task Force at the U.S. Secret Service.

Each representative spoke briefly to the assembled crowd about what their company brings to the new organization.

Don Lyman, vice president of Tyco Safety Products, said that his company had an API (application programming interface) that could tie access control systems to digital video, fire or burglary systems, as well as human resources and time-and-attendance software systems.

Lyman envisioned systems based on OSE standards that could limit not just which employees but how many and which groupings of users could occupy a server room at once.

Adding weight to the initiatives of the new group, CA made two additional announcements tied to OSE standards:

CA will be offering a security management command center that brings together security policies from different IT and physical security systems, according to Artzt.

In addition, the company formed an alliance with Pinkerton to tie Pinkerton's corporate security services to CA's eTrust enterprise security management technology, he said.

CA's eTrust 20/20 product will adhere to the OSE standards and use Pinkerton-developed security policies that can help administrators identify security threats in complex network environments, CA said in a statement.

The new standards will be freely available to the public, including CA's competition, from a new Web site set up for the OSE (See:, according to Artzt.

In addition, CA intends to formalize the new standards and best practices by working in conjunction with other standards organizations such as OASIS (Organization for the Advancement of Structured Information Standards), he said.

CA has not decided which groups it will work with, nor has a timeline been set for submitting OSE standards to any other standards groups to consider, according to Artzt.

In a question and answer session that followed the announcement, RSA Conference attendees expressed doubts about the mission of the new group.

Artzt was asked whether the absence of other major IT companies besides CA made the new group more of a CA partnership program rather than a true independent industry organization.

While not present at the group's inception, other software companies would be involved in the OSE for development as well as planning, according to Artzt.

Key CA competitors in the security space such as IBM Corp. had an "open invitation" to join, he said.

Others questioned whether other government and private sector organizations such as the U.S. Department of Defense weren't already developing physical and IT security best practices along the lines of what the OSE was proposing.

"There's a lot more being talked about than being done," said Joseph Grillo, president and chief executive officer of the Identification Technology Group at ASSA ABLOY. "We're going to show how things can be done with groups working together. This group can help move talk to action and get solutions implemented."