Australia's Defense Signals Directorate (DSD), a government intelligence agency, has won a security award for setting security standards that are cheaper and more effective than those in place at U.S. government agencies.
The four controls – application updating and patching; operating system patching; whitelisting, and strict account control – were derived from research into security intrusions in military and civilian IT systems.
While the controls were simple, the SANS Institute said they were more effective and cost a “tiny fraction” of those deployed in U.S. cybersecurity programs. Innovation by the Australian agencies "changes the game," the institute said.
Vulnerability researchers Steve Mcleod and Chris Brookes led the DSD team initiative. They published an additional 35 controls that would assist in breach mitigation.
SANS, meanwhile, acknowledged Australia's Defense Secretary Ian Watt for “extraordinary leadership” in advocating that all cabinet agencies implement the four “sweet spot” controls. Low-to-medium intrusions were “no longer a significant problem” in agencies that had implemented the four controls, the institute said.
The award recognizes processes or technologies that have not previously been deployed effectively, significantly reduce IT security risk, could be scaled quickly and should be adopted widely.
The DSD bested 50 nominated and 14 shortlisted organizations.
From: SC Magazine Australia