New International Consortium to Support 11 Developments Shaping the Future of
Cybersecurity Practices in Industry and Government
WASHINGTON, Oct. 31, 2012
Conference Call Set for Monday, November 5th
WASHINGTON, Oct. 31, 2012 /PRNewswire-USNewswire/ -- The Consortium for
Cybersecurity Action (CCA), a newly formed international consortium of
government agencies and private organizations from around the world, will host
a Conference Call to promote the most effective approaches to cybersecurity
and support 11 key developments that are shaping events.
The Conference Call is scheduled for Monday, November 5th at 11:00 a.m. EST.
Domestic (Dial-in): 877-268-9432
International (Dial-in): 817-755-8752
Conference Call ID# 63979758
The briefing will feature analysis by the world's top security experts of 11
major "headlines" about efforts to prevent and thwart cyber attacks. The
experts will also discuss the most effective ways for organizations to
implement the newly updated Critical Controls, a prioritized, risk-based set
of information security measures to defend against myriad internal and
The major cybersecurity headlines for discussion are:
1. The United States, United Kingdom, Australia and dozens of major agencies
and corporations (see list below) agree to cooperate in defining and
promoting the most effective controls for computer and network security
and the most rapid and cost-effective ways to deploy them.
2. Tony Sager, most recently Chief Operating Officer of the National Security
Agency's Information Assurance Directorate, agrees to lead the CCA. Sager
heads the list of experts who will conduct the Conference Call, along with
Dr. Eric Cole, Randy Marchany, and Alan Paller.
3. The CCA releases the updated (Version 4.0) Critical Controls for Effective
Cyber Defense document reflecting improved consensus on global risk
assessment and the most effective actions enterprises can take to manage
risk. The updated Controls will be published November 5th and available
online at www.sans.org/critical-security-controls/.
4. The British government's Center for the Protection of National
Infrastructure (CPNI) describes the Critical Controls as the "baseline of
high-priority information security measures and controls that can be
applied across an organisation in order to improve its cyber defence."
CPNI is mapping its guidance products against the controls to assist
organizations with implementation.
5. The Australian Defence Signals Directorate revises its "35 Strategies to
Mitigate Targeted Cyber Intrusions" and re-ranks the "Top 4 Mitigation
Strategies to Protect Your ICT System." Available online
Educational video available at www.dsd.gov.au/videos/catch-patch-match.htm
6. The U.S. Department of Homeland Security announces a large procurement
package to automate the first five of the Critical Controls across .gov
networks with buying options for federal cloud initiatives and state and
local governments. In its procurement process the DHS has adopted
Australia's top priority strategies (whitelisting, configuration and
patching) as core elements of its first phase of a large contract
implementing the Critical Controls.
7. The U.S. Federal Communications Commission launches a task force to
determine how the Critical Controls can best be applied to protect the
8. The CCA announces it will publish Quarterly Updates to ensure that all
consortium members have access to the most current threat information and
that the controls are updated annually to address cutting-edge threats and
9. Training programs on the Critical Controls and the Top 4 Mitigation
Strategies planned for the Asia-Pacific region, Europe, and United States
over the next seven months.
10. The states of Ohio and Colorado adopt the Critical Controls as their
11. Virginia Tech University adopts the Critical Controls as its cybersecurity
standard. VT is polling other schools to determine which others have made
The CCA will serve as an ongoing mechanism to bring together community
expertise on attacks and threats; identify and prioritize the most effective
defensive controls (based on performance in stopping attacks); identify tools
and processes to support implementation; encourage and support adoption of the
Critical Controls by organizations, standards bodies, and governments; and
enable the world community to share cyber defense information and effective
The Critical Controls are specific guidelines that CISOs, CIOs, IGs, systems
administrators, and information security personnel can use to both manage and
measure the effectiveness of their defenses. They are designed to complement
existing standards, frameworks, compliance schemes, etc. by bringing priority
and focus to the most critical threat and highest payoff defenses, while
providing a common baseline for action against the risks that we all face.
Members of the Consortium of Government Agencies and Private Organizations
Working toward Defining the Consensus List of Critical Security Controls
American Express
Australian Government - Innovations
Australian Defence Signals
Booz Allen Hamilton
Citibank
Core Security
Centre for the Protection of
Department of Defense Cyber Crime Center
Department of Homeland Security
Defense Information Systems Agency
Department of Defense
Goldman Sachs
National Security Agency
Qualys
SOURCE SANS Institute
Contact: Tony Sager, +1-443-952-0542, firstname.lastname@example.org