National Institute of Standards and Technology senior scientist Ron Ross honored for creating risk management framework.
5 Helpful Online Services From Uncle Sam
(click image for larger view)
The federal cybersecurity community on Tuesday honored some of this year's outstanding achievers who have helped improve computer security in the government, including one of its own for his work establishing cybersecurity requirements for federal agencies.
(ISC)2, the not-for-profit organization for information security, awarded Dr. Ronald Ross, senior fellow at the National Institute of Standards and Technology (NIST), the inaugural Lynn F. McNulty Tribute Award at its annual Government Information Security Leadership Award gala. Ross received the award for his visionary work in leading the Federal Information Security Management Act (FISMA) implementation project and serving as principal architect of the NIST Risk Management Framework.
"Ron's insight and leadership in producing a library of guidance publications over the past decade has greatly contributed to the advancement of information security in government and around the world," said Peter Gouldmann, director of information risk programs, Office of Information Assurance at the State Department. "His highly collaborative approach, incorporating government and industry, has resulted in products that are being adopted and adapted for use on national security systems, transcending the unclassified and classified systems landscape."
Judges drawn from the group's U.S. Government Advisory Board for Cyber Security made awards in several categories.
The Mobile Technology Tiger Team, composed of 43 members across a number of agencies and led by the Department of Homeland Security's Roger Seeholzer, security architect, was recognized for its development of a common criterion for mobile computing programs. The team gained approval for the Federal Mobile Security Baseline and Mobile Computing Decision Framework to be distributed government-wide, saving agencies money and advancing the DHS's effort to enable safe and secure delivery of digital information and services.
The HQ Army Materiel Command's Task Force Cyber Team, headed by Wendy Huskey, deputy information assurance program manager, was recognized for its contributions to improved community awareness of cybersecurity issues and compliance. The team worked on information security education and awareness for more than 70,000 military and civilian employees throughout all 50 states and 150 countries. The AMC, the Army's largest command, has become the second-best trained and certified compliant command, maintaining a 98% overall information assurance position.
The USDA's National Information Technology Center's Cloud Service Provider FedRAMP Certification Team, led by James Steven, the associate CIO, was recognized for "technology improvement". The team worked with the FedRAMP Project Management Office to make NITC the first federal agency to earn FedRAMP certification for its government-owned and managed Enterprise Data Center cloud service -- and it completed the project two months early and under budget.
Maj. Gen. Earl Matthews, director of Cyberspace Operations for the Air Force and leader of the AF Cyberspace Workforce Development Program, was recognized for "workforce improvement". Matthews and his staff, collaborating with the White House, partnered with industry on a "Transitioning Service Member" pilot program; started the pilot "Knowledge Ops Management Center"; and launched the first "Year of the Cyber Civilian" campaign to address career transitions for 19,000 civilians.
Advanced Information Services Inc. was honored for the work of the Registration, Compliance, and Verification Modernization Team at the Selective Service System. Led by AIS program manager David Ratnaraj, the 17-person team replaced a mission-critical legacy mainframe system with a Web-enabled, SOA-based solution. The team had no cybersecurity vulnerabilities in more than 680,000 source lines of code, and built in security incrementally throughout the software development life cycle, providing an annual cost avoidance of $2.5 million for the agency.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?