
12/16/2009
12:17 PM
Dark Reading
Products and Releases

CIS Names Board Chairman

John Gilligan brings extensive operational security experience in both public and private sectors

Washington, DC - December 16, 2009 - The Center for Internet Security (CIS) today announced that John Gilligan has been elected chairman of the board effective November 3, 2009. Mr. Gilligan is president of the Gilligan Group and a recognized industry expert who brings extensive operational security experience in both public and private sectors to CIS, including federal government positions as Chief Information Officer with the Air Force and the Department of Energy. Among his many industry contributions, Mr. Gilligan has served as a member of the Center for Strategic and International Studies Commission on Cyber Security for the 44th Presidency and has received numerous leadership awards.

Mr. Gilligan succeeds former chairperson Franklin Reeder, president of The Reeder Group and CIS co-founder, who has led the organization since its inception and who will remain on the board. Newly elected to the CIS board are Karen Evans, partner at KE&T Partners and widely acknowledged for her work as the federal government's de facto Chief Information Officer, and Phil Venables, managing director and Chief Information Security Officer for Goldman Sachs.

Today's announcement signifies a transition in board governance that will foster continued public-private collaboration and is reflective of the diverse CIS membership spanning corporate, academic and government sectors.

The call for collaboration between industry and federal government is becoming increasingly vital in order to heighten the security and privacy of Internet-connected systems across all industry sectors and the nation's critical infrastructure. The Center for Internet Security, now entering its tenth year, distributes benchmarks that are globally accepted as the de facto standard for the secure configuration of information technology systems - and is emerging as a premier model for public-private collaboration by fostering consensus between government, education and industry.

"We founded CIS because we were concerned about the state of cyber security in our highly inter-connected community where threats spread rapidly. We knew the answer was not about creating another institution - it was about creating a collaborative mindset," said Frank Reeder, co-founder of CIS. "The initial focus for CIS was filling the void for consensus-based security configuration standards to answer two questions: how do I secure my systems and how much is enough security? Software products are often shipped in unsafe mode, but smart users know how to tighten up configurations to reduce exposure. CIS works to discover, synthesize and disseminate this knowledge - as well as augment it with tools to measure and conform to best practices. As a result of CIS standards adoption and market pressure, we are now seeing vendors ship safer products as well as overall safer practices by user organizations."

Added Reeder, "It's been a privilege to lead CIS for nine years and see this important initiative come to life, especially with the need for public-private collaboration more pressing than ever. As CIS approaches its second decade, John brings the necessary combination of passion, experience and community dedication to deliver on and extend this CIS mission."

Other CIS board members include: Alan Paller, co-founder of CIS and research director of the SANS Institute; Ramon Barquin, president of Barquin International; Bruce Molten, vice president of information technology and information security officer for National Grand Bank; Jack Arthur, partner at OCTO Consulting Group and former CIO of the US Forest Service; Clint Kreitner, founding CEO of CIS; and Bert Miuccio, president and CEO of CIS.

"I have been involved in CIS since its inception because of its highly unique collaborative business model. I have witnessed the process in action and CIS is considered the 'gold' standard for reducing vulnerabilities, configuring systems and evaluating software purchases," said Mr. Gilligan.

"The CIS collaborative process results in products that are an order of magnitude better in scope and quality - with only a fraction of the funding of other standards groups. The operating model of CIS fosters effective interaction between government and industry, an essential element of our national cyber security strategy. I look forward to leading CIS and continuing this philosophy," added Gilligan.

CIS Community Develops 50th Consensus Benchmark and Other Milestones

CIS also announced today that it now has delivered more than 50 consensus security configuration benchmarks for operating systems and software applications as well as network, mobile and print devices. Other milestones include:

1,500 Subject Matter Experts (SMEs) have participated in benchmark development

Over 160 organizations are CIS Members

CIS benchmarks cited in some of the most demanding regulations and industry standards for their prescriptive guidance, including Payment Card Industry Data Security Standard (PCI DSS) and FISMA

Tens of thousands of users go to the CIS website every year to download benchmarks and other resources; CIS certified software security vendors ship their products with CIS benchmarks to thousands of other organizations worldwide; and CIS licensed consulting members use CIS benchmarks and scoring tools with their clients as well

"Moving forward, CIS will foster collaboration in the areas of greatest security need, including software application security configuration standards for specific market segments that represent the core pillars of the nation's critical infrastructure - from energy and transportation to banking and healthcare. At the same time, CIS remains committed to maintaining existing benchmarks, advancing development and adoption of consensus security metrics, and continually enhancing the consensus process through automation," said Bert Miuccio, CEO for CIS.

About CIS

The Center for Internet Security (CIS) is a non-profit organization that helps enterprises reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls, and provides enterprises with resources for measuring information security status and making rational security investment decisions. CIS develops and distributes consensus based benchmarks for secure configuration of operating systems, software applications and network devices. The consensus security configuration benchmarks are downloaded more than one million times a year, and are globally accepted as user-originated, de facto standards. More than 150 leading corporations, government entities, universities and security organizations are CIS members. For more information, visit www.cisecurity.org.
