Alan Paller, co-founder of the Center for Internet Security and internationally recognized leader in cybersecurity, passed away suddenly in 2021. His passing was a big loss for CIS, as Alan had helped guide CIS for over 20 years. In 1999, he had conceived the concept of a trusted, nonprofit organization that could leverage broad collaboration to establish best practice standards in cybersecurity. The Center for Internet Security was chartered a year later. As CIS grew, Alan continued to provide his wisdom and ideas as a member of the CIS Board of Directors.
Anyone who knew Alan recognized that he had many ideas to improve cybersecurity. Alan was not content to just come up with good ideas. He consulted with other experts in the field to test and refine his ideas, and then he put his own energy and resources into piloting and proving the concepts. Alan realized that only when good ideas are refined and shown to be measurably effective - in his case, in improving cybersecurity in a practical manner - should one advocate for widespread adoption. As a trusted advisor to Congress, public- and private-sector CIOs and CISOs, and government and industry executives, Alan was passionate in pursuing cybersecurity efforts that were meaningful, measurable, and practical.
Alan's concept of collaboratively defining secure configurations for systems - now called the CIS Benchmarks - and providing them for free has been a primary focus of CIS for over 20 years. CIS Benchmarks are downloaded over a million times each year.
In 2008, Alan conceived the concept of identifying a small set of what could be seen as critical security controls that would prove effective in defending against common cyber attacks. Alan recognized that many organizations were struggling to implement elaborate security control frameworks that were comprehensive but were not practical to implement and were not aligned to current threats. Alan's requirement for what is now known as the CIS Critical Security Controls was that each Control be effective in defending against one or more of the most common cyber attack patterns and define measurable criteria for successful implementation. This approach has resulted in the CIS Controls receiving wide adoption by organizations across the globe and increasingly being referenced in legislation as an example of best security practice. Today, organizations around the world use the CIS Controls as they seek to implement control frameworks from PCI DSS, ISO, IEEE, and NIST, particularly where these mandated frameworks lack the specificity needed for measurable implementation. Alan's emphasis on prioritization has resulted in the CIS Controls providing an easily understood roadmap for implementation that helps organizations deal with the questions of "Where do I start?" and "What do I do next?"
CIS is pleased to launch the Alan Paller Laureate Program to carry on Alan's philosophy for improving cybersecurity as well as his passion to test and refine new ideas. The Alan Paller Laureate Program is intended both to memorialize Alan's many contributions to CIS and to seek out and sponsor new ideas on how to improve cybersecurity. The Laureate Program will solicit proposals on an annual basis from individuals as well as academic and nonprofit organizations. A board composed of Alan's colleagues and family will evaluate the proposals against criteria that align with Alan's interest areas: simplifying security controls, automating security enforcement, developing highly skilled cyber experts, and improving cybersecurity curricula. The board will also apply Alan's philosophy by looking for projects that seek to produce measurable results, embrace the concept of practical implementation, and have the potential to significantly improve the state of cybersecurity in the relatively near term.
The Board of Directors of the Center for Internet Security has established an endowment that will fund the Alan Paller Laureate Program in future years. The CIS Board hopes to use the Alan Paller Laureate Program to stimulate the intellectual curiosity and concept refinement that were hallmarks of how Alan Paller operated. CIS is not looking for a financial return on investment for Alan Paller Laureate Program-sponsored projects. Rather, the goal is that the projects sponsored by the Laureate Program can contribute to improved understanding of implementing effective and measurable improvements in cybersecurity. The CIS Board and employees believe that in this way the Laureate Program can continue the truly amazing legacy of Alan Paller long into the future.
This Cyber News was published on www.cisecurity.org. Publication date: Tue, 07 Feb 2023 22:17:02 +0000