Welcome!

News Feed Item

Australian Government's Department of Industry, Innovation, Science, Research and Tertiary Education Wins 2012 National Cybersecurity Innovation Award

The innovation:  Effectively eliminating targeted intrusion by removing the primary vulnerability to advanced persistent threat attacks using existing technologies.

WASHINGTON, Nov. 7, 2012 /PRNewswire-USNewswire/ -- The SANS Institute today announced that the Australian Government's Department of Industry, Innovation, Science, Research & Tertiary Education (DIISRTE) has won a 2012 U.S. National Cybersecurity Innovation Award for effectively eliminating targeted intrusions known as advanced persistent threat attacks using existing technologies.

(Photo: http://photos.prnewswire.com/prnh/20121107/DC08272)

A year ago, White House Cyber Advisor Howard Schmidt presented a 2011 National Cybersecurity Innovation Award to the Australian Defence Signals Directorate (DSD) for its identification of four key cybersecurity controls that, when implemented fully, can reduce an organization's threat exposure by over 85%. This was a major discovery and well deserving of recognition. However, a core question remained: does it really work at scale without causing performance problems or having other negative effects that might give organizations reason to delay implementation?

Now that question has been answered and the actual benefit verified. This proof eliminates any reasons why a government agency funded with public money, or any other enterprise that is serious about cybersecurity, should delay implementing DSD's Top 4 Mitigation Strategies, especially given the "how to" guides available at www.dsd.gov.au/infosec/top35mitigationstrategies.htm.

Over the past two years, DIISRTE finished the job the DSD had started by discovering and documenting the first-ever practical operationalization of DSD's Top 4 Mitigation Strategies. The crux of DIISRTE's innovation is a method for leveraging and repurposing existing security resources and technologies.

In particular, DIISRTE showed how to use Microsoft's suite of management software and Symantec's Endpoint Protection (SEP) software in the service of DSD's Top 4 Mitigation Strategies. In fact, through proper configuration of existing technologies, DIISRTE was able to automate the Top 4 Mitigation Strategies as well as 7 of the 35 Strategies also identified as important.

Leveraging its current software to meet requirements was only a piece of the solution. DIISRTE also cultivated change within its IT organization by providing training, ensuring that administrators were granted only the permissions needed, and disabling rights that were not required. DIISRTE is currently  writing a Practical User's Guide for partner organizations that goes beyond technical documentation and outlines the practical steps to replicate DIISRTE's successes, and has already assisted numerous partner organizations implement the top four mitigation strategies.

DIISRTE's approach to implementing DSD's Top 4 Mitigation Strategies has been a road map not only for other Australian organizations, but also for organizations across the globe that are replicating the initiative, and in so doing drastically reducing their vulnerability to targeted attack without any significant investment in new security tools.

About the National Cybersecurity Innovation Awards

The annual U.S. National Cybersecurity Innovation Awards recognize initiatives by companies and government agencies that contribute to significant cyber risk reduction, have not been deployed effectively before in a similar fashion, can be scaled quickly to serve large numbers of people, and should be supported and adopted quickly by many other organizations. Nominators include senior U.S. government officials involved with cybersecurity as well as leaders from major cybersecurity Information Sharing and Analysis Centers.  Corporations and individuals may also nominate innovations.   For the 2012 awards, more than 30 nominations were received and nine were selected. The panel of judges for the 2012 awards is described below.

Sameer Bhalotra served as White House Senior Director for Cybersecurity, leading the national identity management and continuous monitoring initiatives.  He also served as the principal cybersecurity staffer for the Senate Intelligence Committee, which oversees the cyber budgets of the National Security Agency and the other intelligence agencies.  

Tony Sager's stellar career at the National Security Agency spanned 34 years. He headed the Systems & Network Attack Center, oversaw all Red and Blue Team projects, created and headed security product evaluation teams, helped guide the agency's top talent development programs, served as founding director of the Vulnerability Analysis & Operations Group (comprised of 700 of the NSA's top technical cybersecurity specialists), and was the Chief Operating Officer for the Information Assurance Directorate.

Asheem Chandna is the dean of venture capitalists in the cybersecurity field. As a partner at Greylock since 2003, he has helped create and grow multiple security technology businesses to market-leading positions, and successfully merged several into larger companies.  He also serves on the panel of judges for the Wall Street Journal Global Technology Innovation Awards.

Alan Paller is Director of Research at the SANS Institute, where he oversees an international search for people and organizations that have identified important ways to reduce the risk posed by cyber threats. He also oversees the Internet Storm Center and the annual initiative to determine the seven most dangerous new attack vectors.  He co-chairs the DHS Task Force on Cyberskills and the FCC Working Group on Cybersecurity Best Practices in the telecommunications industry.

SOURCE SANS Institute

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
"Venafi has a platform that allows you to manage, centralize and automate the complete life cycle of keys and certificates within the organization," explained Gina Osmond, Sr. Field Marketing Manager at Venafi, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"We're focused on how to get some of the attributes that you would expect from an Amazon, Azure, Google, and doing that on-prem. We believe today that you can actually get those types of things done with certain architectures available in the market today," explained Steve Conner, VP of Sales at Cloudistics, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
For far too long technology teams have lived in siloes. Not only physical siloes, but cultural siloes pushed by competing objectives. This includes informational siloes where business users require one set of data and tech teams require different data. DevOps intends to bridge these gaps to make tech driven operations more aligned and efficient.
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | CloudEXPO New York event will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018.
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors!
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smart...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...