Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

CIS Establishes the Alan Paller Laureate Program

Alan Paller, co-founder of the Center for Internet Security and internationally recognized leader in cybersecurity, passed away suddenly in 2021. His passing was a big loss for CIS, as Alan had helped guide CIS for over 20 years. In 1999, he had conceived the concept of a trusted, nonprofit organization that could leverage broad collaboration to establish best practice standards in cybersecurity. The Center for Internet Security was chartered a year later. As CIS grew, Alan continued to provide his wisdom and ideas as a member of the CIS Board of Directors. Anyone who knew Alan recognized that he had many ideas to improve cybersecurity. Alan was not content to just come up with good ideas. He consulted with other experts in the field to test and refine his ideas, and then he put his own energy and resources into piloting and proving the concepts. Alan realized that only when good ideas are refined and shown to be measurably effective - in his case, in improving cybersecurity in a practical manner - should one advocate for widespread adoption. As a trusted advisor to Congress, public- and private-sector CIOs and CISOs, and government and industry executives, Alan was passionate in pursuing cybersecurity efforts that were meaningful, measurable, and practical. Alan's concept of collaboratively defining secure configurations for systems - now called the CIS Benchmarks - and providing them for free has been a primary focus of CIS for over 20 years. CIS Benchmarks are downloaded over a million times each year. In 2008, Alan conceived of the concept of identifying a small set of what could be seen as critical security controls that would prove effective in defending against common cyber attacks. Alan recognized that many organizations were struggling to implement elaborate security control frameworks that were comprehensive but were not practical to implement and were not aligned to current threats. Alan's requirement for what is now known as the CIS Critical Security Controls was that each Control be effective in defending against one or more of the most common cyber attack patterns and define measurable criteria for successful implementation. This approach has resulted in the CIS Controls receiving wide adoption by organizations across the globe and increasingly being referenced in legislation as an example of best security practice. Today, organizations around the world use the CIS Controls as they seek to implement control frameworks from PCI DSS, ISO, IEEE, and NIST, particularly where these mandated frameworks lack the specificity needed for measurable implementation. Alan's emphasis on prioritization has resulted in the CIS Controls providing an easily understood roadmap for implementation that helps organizations deal with the questions of "Where do I start?" and "What do I do next?". CIS is pleased to launch the Alan Paller Laureate Program to carry on Alan's philosophy for improving cybersecurity as well as his passion to test and refine new ideas. The Alan Paller Laureate Program is intended to both memorialize Alan's many contributions to CIS as well as to seek out and to sponsor new ideas on how to improve cybersecurity. The Laureate Program will solicit proposals on an annual basis from individuals as well as academic and nonprofit organizations. A board comprised of Alan's colleagues and family will evaluate the proposals against criteria that align with Alan's interest areas: simplifying security controls, automating security enforcement, developing highly skilled cyber experts, and improving cybersecurity curricula. The board will also apply Alan's philosophy by looking for projects that seek to produce measurable results, embrace the concept of practical implementation, and have the potential to significantly improve the state of cybersecurity in the relative near term. The Board of Directors of the Center for Internet Security has established an endowment that will fund the Alan Paller Laureate Program in future years. The CIS Board hopes to use the Alan Paller Laureate Program to stimulate the intellectual curiosity and concept refinement that was a hallmark of how Alan Paller operated. CIS is not looking for a financial return on investment for Alan Paller Laureate Program-sponsored projects. Rather, the goal is that the projects sponsored by the Laureate Program can contribute to improved understanding of implementing effective and measurable improvements in cybersecurity. The CIS Board and employees believe in this way that the Laureate Program can continue the truly amazing legacy of Alan Paller long into the future.

This Cyber News was published on www.cisecurity.org. Publication date: Tue, 07 Feb 2023 22:17:02 +0000

Cyber News related to CIS Establishes the Alan Paller Laureate Program

CIS Establishes the Alan Paller Laureate Program - Alan Paller, co-founder of the Center for Internet Security and internationally recognized leader in cybersecurity, passed away suddenly in 2021. His passing was a big loss for CIS, as Alan had helped guide CIS for over 20 years. In 1999, he had ...
2 years ago Cisecurity.org

Latest Release of CIS Security Standards for February 2023 - We are delighted to announce the release of the new CIS pfSense Firewall Benchmark v1.0.0! We would like to express our gratitude to Touhid Shaikh and Daniel Brown for their hard work and communication which made this release possible. CIS ...
2 years ago Cisecurity.org

Expanding the Availability of CIS Hardened Images on Oracle - Some IT and security leaders lack confidence in their ability to secure their workloads in the cloud. That's not necessarily affecting public cloud spending. According to Gartner, global end-user spending on public cloud services will reach $591.8 ...
2 years ago Cisecurity.org

KubeCon 2023: Not Your Father's Tenable - Look, full disclosure, I've been working with Tenable for 20 since I think Ron Gula and Renaud started Tenable. Alan Shimel: That'd be around 2001, maybe, I'm going to guess because that's when I had started my security company. We get a lot of ...
1 year ago Securityboulevard.com

NASCIO, PTI on What's Coming in 2024 for State and Local IT - Every January, NASCIO and PTI release their forecasts for the coming year based on what government leaders are saying. Adobe Stock/OleCNX. When Doug Robinson speaks, the government technology community listens. He has been the exceptional executive ...
1 year ago Securityboulevard.com

Accelerate essential cyber hygiene for your small business - Cyber threat actors are increasingly setting their sights on small businesses. If successful, their attack attempts can be devastating. IG1 is one of three Implementation Groups of the CIS Controls. It's special because it lists fundamental steps ...
1 year ago Helpnetsecurity.com

Ambitious Training Initiative Taps Talents of Blind and Visually Impaired - When David Mayne first started looking for a job in cybersecurity, the recruiter at his first-choice company told him no. Mayne had already overcome tremendous hardship, losing his eye and his leg following a severe car accident, then finding a way ...
1 year ago Darkreading.com Inception

CVE-2024-56786 - In the Linux kernel, the following vulnerability has been resolved: bpf: put bpf_link's program when link is safe to be deallocated In general, BPF link's underlying BPF program should be considered to be reachable through attach hook -> link -> prog ...
7 months ago Tenable.com

Microsoft launches Defender Bounty Program with $20,000 rewards - Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000. While higher awards are possible, Microsoft retains sole discretion to determine the final reward amount based ...
1 year ago Bleepingcomputer.com

Dragos Offers Free OT Security Tools to Small Utilities - Cybersecurity vendor Dragos will provide free operational technology security software to small water, electric, and natural gas providers, an offer that comes as critical infrastructure comes under increasing attack. The program initially will be ...
1 year ago Securityboulevard.com

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2009-3486 - Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the ...
15 years ago

Hacking Protected Java-Based Programs - This article provides examples of hacking techniques that can help Java developers avoid vulnerabilities in their programs. It is not intended to train hackers but rather for naive developers who think that standard obfuscators will save them from ...
1 year ago Feeds.dzone.com

CVE-2024-47794 - In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming ...
7 months ago Tenable.com

CVE-2025-37953 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago

US Privacy Groups Urge Senate Not to Ram Through NSA Spying Powers - Some of the United States' largest civil liberties groups are urging Senate majority leader Chuck Schumer not to pursue a short-term extension of the Section 702 surveillance program slated to sunset on December 31. The more than 20 groups-Demand ...
1 year ago Wired.com

Before starting your 2024 security awareness program, ask these 10 questions - As Q1 of the new year blasts off, you might feel eager to jump into your 2024 security awareness program immediately. Knowing this will allow you to have these customized groups and targeted training ready in advance, so teams don't unknowingly start ...
1 year ago Securityboulevard.com

CVE-2021-47128 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

CISA Confirms Continued Support for CVE Program, No Funding Issues - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reaffirmed its strong commitment to the Common Vulnerabilities and Exposures (CVE) Program, following recent public reports that inaccurately suggested the program was in jeopardy ...
4 months ago Cybersecuritynews.com

Week in review: 15 million Trello users' scraped data on sale, attackers can steal NTLM hashes - The reality of hacking threats in connected car systemsIn this Help Net Security interview, Ivan Reedman, Director of Secure Engineering at IOActive, discusses how manufacturers, government regulations, and consumers are adapting to these new ...
1 year ago Helpnetsecurity.com Cozy Bear

Red Hat Enterprise Linux 7: End of compliance content on June 30, 2024 - As of Jun 30, 2024, the Red Hat Enterprise Linux 7 maintenance support 2 phase ends and Red Hat will no longer update compliance content for RHEL 7. Many policy providers, such as CIS and DISA, will no longer update their policies once maintenance ...
1 year ago Redhat.com

SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers - The exploitation technique uses HTTP request smuggling to bypass security controls and trigger a memory corruption vulnerability. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability ...
3 months ago Cybersecuritynews.com CVE-2023-7629

CVE-2022-24826 - On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does ...
3 years ago

CVE-2023-52828 - In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpf_throw kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead ...
1 year ago Tenable.com

CVE-2025-38502 - In the Linux kernel, the following vulnerability has been resolved: ...
2 weeks ago

CVE-2021-32629 - Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario ...
2 years ago