CIS Establishes the Alan Paller Laureate Program

Alan Paller, co-founder of the Center for Internet Security and internationally recognized leader in cybersecurity, passed away suddenly in 2021. His passing was a big loss for CIS, as Alan had helped guide CIS for over 20 years. In 1999, he had conceived the concept of a trusted, nonprofit organization that could leverage broad collaboration to establish best practice standards in cybersecurity. The Center for Internet Security was chartered a year later. As CIS grew, Alan continued to provide his wisdom and ideas as a member of the CIS Board of Directors.
Anyone who knew Alan recognized that he had many ideas to improve cybersecurity. Alan was not content to just come up with good ideas. He consulted with other experts in the field to test and refine his ideas, and then he put his own energy and resources into piloting and proving the concepts. Alan realized that only when good ideas are refined and shown to be measurably effective - in his case, in improving cybersecurity in a practical manner - should one advocate for widespread adoption. As a trusted advisor to Congress, public- and private-sector CIOs and CISOs, and government and industry executives, Alan was passionate in pursuing cybersecurity efforts that were meaningful, measurable, and practical.
Alan's concept of collaboratively defining secure configurations for systems - now called the CIS Benchmarks - and providing them for free has been a primary focus of CIS for over 20 years. CIS Benchmarks are downloaded over a million times each year.
In 2008, Alan conceived of the concept of identifying a small set of what could be seen as critical security controls that would prove effective in defending against common cyber attacks. Alan recognized that many organizations were struggling to implement elaborate security control frameworks that were comprehensive but were not practical to implement and were not aligned to current threats.
Alan's requirement for what is now known as the CIS Critical Security Controls was that each Control be effective in defending against one or more of the most common cyber attack patterns and define measurable criteria for successful implementation. This approach has resulted in the CIS Controls receiving wide adoption by organizations across the globe and increasingly being referenced in legislation as an example of best security practice. Today, organizations around the world use the CIS Controls as they seek to implement control frameworks from PCI DSS, ISO, IEEE, and NIST, particularly where these mandated frameworks lack the specificity needed for measurable implementation. Alan's emphasis on prioritization has resulted in the CIS Controls providing an easily understood roadmap for implementation that helps organizations deal with the questions of "Where do I start?" and "What do I do next?".
CIS is pleased to launch the Alan Paller Laureate Program to carry on Alan's philosophy for improving cybersecurity as well as his passion to test and refine new ideas. The Alan Paller Laureate Program is intended to both memorialize Alan's many contributions to CIS as well as to seek out and to sponsor new ideas on how to improve cybersecurity.
The Laureate Program will solicit proposals on an annual basis from individuals as well as academic and nonprofit organizations. A board comprised of Alan's colleagues and family will evaluate the proposals against criteria that align with Alan's interest areas: simplifying security controls, automating security enforcement, developing highly skilled cyber experts, and improving cybersecurity curricula. The board will also apply Alan's philosophy by looking for projects that seek to produce measurable results, embrace the concept of practical implementation, and have the potential to significantly improve the state of cybersecurity in the relative near term.
The Board of Directors of the Center for Internet Security has established an endowment that will fund the Alan Paller Laureate Program in future years. The CIS Board hopes to use the Alan Paller Laureate Program to stimulate the intellectual curiosity and concept refinement that was a hallmark of how Alan Paller operated. CIS is not looking for a financial return on investment for Alan Paller Laureate Program-sponsored projects. Rather, the goal is that the projects sponsored by the Laureate Program can contribute to improved understanding of implementing effective and measurable improvements in cybersecurity. The CIS Board and employees believe in this way that the Laureate Program can continue the truly amazing legacy of Alan Paller long into the future.

This Cyber News was published on www.cisecurity.org. Publication date: Tue, 07 Feb 2023 22:17:02 +0000

