The innovation: Creating a statewide information security officer certification program
WASHINGTON DC, November 13, 2012 - The SANS Institute today announced that the Department of Technology & Information for the State of Delaware has won a 2012 U.S. National Cybersecurity Innovation Award for creating a statewide information security officer certification program.
The Delaware program is based on a statewide Information Security Officer (ISO) team. All state agencies are required to designate one to three ISOs who are responsible for all of their agency's security matters, including information security, physical security, confidentiality, and privacy.
The importance and visibility of the security officers' work have grown dramatically and require that they stay current in their field. A Delaware Certified Information Security Officer (DCISO) achieves full certification by completing four core requirements over a 24-month period, including attending ISO meetings, conducting security training for their agency's employees, carrying out surprise inspections for data leakage, and taking elective continuing education credits in vulnerability scanning and risk assessment. ISOs track their certification credits using a DCISO portal modeled after other professional certification sites.
The certification program was created by the Delaware ISOs with input and feedback from members. The program enables the security officers to demonstrate their knowledge of information security, enhance their careers by strengthening their credentials, and confirm their security commitment to their leadership team. The DCISO innovation was designed to scale to statewide implementation, including all three branches of government and the K-12 education community.
The annual U.S. National Cybersecurity Innovation Awards recognize initiatives by companies and government agencies that contribute to significant cyber risk reduction, have not been deployed effectively before in a similar fashion, can be scaled quickly to serve large numbers of people, and should be supported and adopted quickly by other organizations. Nominators include senior U.S. government officials involved with cybersecurity as well as leaders from major cybersecurity Information Sharing and Analysis Centers. Corporations and individuals may also nominate innovations. For the 2012 awards, more than 30 nominations were received and nine were selected. The panel of judges for the 2012 awards is described below.
Sameer Bhalotra served as the White House Senior Director of Cybersecurity, leading national identity management and continuous monitoring initiatives. He also served as the principal cybersecurity staffer for the Senate Intelligence Committee, which oversees the cyber budgets of the National Security Agency and the other intelligence agencies.
Tony Sager's stellar career at the National Security Agency spanned 34 years. He headed the Systems & Network Attack Center, oversaw all Red and Blue Team projects, created and headed security product evaluation teams, helped guide the agency's top talent development programs, served as founding director of the Vulnerability Analysis & Operations Group (comprised of 700 of the NSA's top technical cybersecurity specialists), and was the Chief Operating Officer for the Information Assurance Directorate.
Asheem Chandna is the dean of venture capitalists in the cybersecurity field. As a partner at Greylock since 2003, he has helped create and grow multiple security technology businesses to market-leading positions, and successfully merged several into larger companies. He also serves on the panel of judges for the Wall Street Journal Global Technology Innovation Awards.
Alan Paller is Director of Research at the SANS Institute, where he oversees an international search for people and organizations that have identified important ways to reduce the risk posed by cyber threats. He also oversees the Internet Storm Center and the annual initiative to determine the seven most dangerous new attack vectors. He co-chairs the DHS Task Force on Cyberskills and the FCC Working Group on Cybersecurity Best Practices in the telecommunications industry.
Director of Research
(301) 951-0102 x108