The SANS Institute announced today that the U.S. Department of State Office of the Chief Information Officer has won the 2011 U.S. National Cybersecurity Innovation Award for significantly improving the effectiveness of the nation’s cyber security by creating, deploying and sharing the Department of State’s unique risk scoring program. The program continuously monitors more than 100,000 systems for vulnerabilities and provides daily prioritized security action plans for every Department of State system administrator in the U.S. and in more than 200 countries.
The U.S. State Department is responsible for protecting computer networks for 400 U.S. embassies and offices across 24 time zones. To help protect these networks, the State Department pioneered a risk scoring program that makes it easier for managers to identify trouble spots, prioritize them, and resolve issues more quickly. The program relies on continuous risk monitoring and threat-based response, and it has proven so effective that it has become a model for more than 100 state agencies and many commercial organizations. The security program scans every computer every three to four days to detect security vulnerabilities and weak configurations, ensures the most important problems are fixed first, and publishes monthly grades that celebrate the success of the units doing the best job of protecting their computers. “We know anywhere in the world what our risk is,” says John Streufert, Deputy CIO and Chief Information Security Officer of the department.
via The Sacramento Bee, continued here.