New International Consortium to Support 11 Developments Shaping the Future of Cybersecurity Practices in Industry and

New International Consortium to Support 11 Developments Shaping the Future of
              Cybersecurity Practices in Industry and Government

PR Newswire

WASHINGTON, Oct. 31, 2012

Conference Call Set for Monday, November 5th

WASHINGTON, Oct. 31, 2012 /PRNewswire-USNewswire/ --The Consortium for
Cybersecurity Action (CCA), a newly-formed international consortium of
government agencies and private organizations from around the world, will host
a Conference Call to promote the most effective approaches to cybersecurity
and support 11 key developments that are shaping events.

The Conference Call is scheduled for Monday, November 5th at 11:00 a.m. EST.
Dial-in instructions:

Domestic (Dial-in): 877-268-9432
International (Dial-in): 817-755-8752
Conference Call ID# 63979758

The briefing will feature analysis by the world's top security experts of 11
major "headlines" about efforts to prevent and thwart cyber attacks. The
experts will also discuss the most effective ways for organizations to
implement the newly updated Critical Controls, a prioritized, risk-based set
of information security measures to defend against myriad internal and
external threats.

The major cybersecurity headlines for discussion are:

1.The United States, United Kingdom, Australia and dozens of major agencies
    and corporations (see list below) agree to cooperate in defining and
    promoting the most effective controls for computer and network security
    and the most rapid and cost-effective ways to deploy them.
2.Tony Sager, most recently Chief Operating Officer of the National Security
    Agency's Information Assurance Directorate, agrees to lead the CCA. Sager
    heads the list of experts who will conduct the Conference Call, along with
    Dr. Eric Cole, Randy Marchany, and Alan Paller.
3.The CCA releases the updated (Version 4.0) Critical Controls for Effective
    Cyber Defense document reflecting improved consensus on global risk
    assessment and the most effective actions enterprises can take to manage
    risk. The updated Controls will be published November 5th and available
    online at www.sans.org/critical-security-controls/.
4.The British government's Center for the Protection of National
    Infrastructure (CPNI) describes the Critical Controls as the "baseline of
    high-priority information security measures and controls that can be
    applied across an organisation in order to improve its cyber defence."
    CPNI is mapping its guidance products against the controls to assist
    organizations with implementation.
5.The Australian Defence Signals Directorate revises its "35 Strategies to
    Mitigate Targeted Cyber Intrusions" and re-ranks the "Top 4 Mitigation
    Strategies to Protect Your ICT System."Available online
    atwww.dsd.gov.au/publications/csocprotect/top_4_mitigations.htm.
    Educational video available atwww.dsd.gov.au/videos/catch-patch-match.htm
6.The U.S. Department of Homeland Security announces a large procurement
    package to automate the first five of the Critical Controls across .gov
    networks with buying options for federal cloud initiatives and state and
    local governments. In its procurement process theDHS has adopted
    Australia's top priority strategies (whitelisting, configuration and
    patching) as core elements of its first phase of a large contract
    implementing the Critical Controls.
7.The U.S. Federal Communications Commission launches a task force to
    determine how the Critical Controls can best be applied to protect the
    telecommunications industry.
8.The CCA announces it will publish Quarterly Updates to ensure that all
    consortium members have access to the most current threat information and
    that the controls are updated annually to address cutting-edge threats and
    vulnerabilities.
9.Training programs on the Critical Controls and the Top 4 Mitigation
    Strategies planned for the Asia-Pacific region, Europe, and United States
    over the next seven months.
10.The states of Ohio and Colorado adopt the Critical Controls as their
    cybersecurity standard.
11.Virginia Tech University adopts the Critical Controls as its cybersecurity
    standard. VT is polling other schools to determine which others have made
    similar decisions.

The CCA will serve as an ongoing mechanism to bring together community
expertise on attacks and threats; identify and prioritize the most effective
defensive controls (based on performance in stopping attacks); identify tools
and processes to support implementation; encourage and support adoption of the
Critical Controls by organizations, standards bodies, and governments; and
enable the world community to share cyber defense information and effective
practices.

The Critical Controls are specific guidelines that CISOs, CIOs, IGs, systems
administrators, and information security personnel can use to both manage and
measure the effectiveness of their defenses. They are designed to complement
existing standards, frameworks, compliance schemes, etc. by bringing priority
and focus to the most critical threat and highest payoff defenses, while
providing a common baseline for action against the risks that we all face.

Members of the Consortium of Government Agencies and Private Organizations
Working toward Defining the Consensus List of Critical Security Controls

American Express                  Australian Government - Innovations
Australian Defence Signals        Booz Allen Hamilton
Directorate
Citibank                         Core Security
Centre for the Protection of      Department of Defense Cyber Crime Center
National Infrastructure
Department of Homeland Security   Defense Information Systems Agency
Department of Defense             Goldman Sachs
Mandiant                         McAfee
Mitre                            nCircle
National Security Agency        Qualys 
Symantec                          Tenable

SOURCE SANS Institute

Website: http://www.sans.org
Contact: Tony Sager, +1-443-952-0542, tsager@sans.org
 
Press spacebar to pause and continue. Press esc to stop.