Cisco wins National Cybersecurity Innovation Award in meeting the need for critical cybersecurity skills
Date: Fri, 11/04/2011 - 16:49 Source: SANS Institute
Security Knowledge Empowerment (SKE) program develops key security knowledge of information technology architects, enabling them to become "security sensors"
The SANS Institute announced that Cisco has won the 2011 U.S. National Cybersecurity Innovation Award for developing and sharing with the IT community a scalable solution to the challenge of baking security into internal systems and into products offered to clients.
Securely designed and engineered applications provide a far more defensible base of operations than applications that have security bolted on at the end. Efforts to bake security in from the beginning have been hindered by the shortage of skilled security architects and engineers. Failing to find the necessary talent, most organizations are forced to deploy systems built with insufficient attention to security architecture.
Cisco discovered and developed an innovative solution to this problem, dividing the job of "baking security in" into two parts. One part is performed by IT architects who have been allowed to attend the Security Knowledge Empowerment (SKE) class taught by Cisco's top security architects. The IT architects bring their security training to nearly every design meeting, and they are primed to recognize what goes wrong when certain design decisions are made and when data flows in specific ways. They know the six "gates" through which each application must pass, the questions that should be asked at every gate, and what the answers should look like. They are not security engineers but they are security "sensors" who can spot trouble and call in appropriate security engineers to solve problems. These human sensors often become converts and powerful advocates for security when they realize they can make a difference.
The SKE (Security Knowledge Empowerment) program is being deployed to IT architects and engineers throughout Cisco and is expanding to Cisco program and service managers. Cisco's senior security architects are actively sharing the program with other organizations, many of whom are adapting the program.
Cisco wins the 2011 National Cybersecurity Innovation Award for developing world-class Cybersecurity talent by training IT architects to be security architecture sensors, enabling security to be baked into software applications.
About the National Cybersecurity Innovation Awards
The National Cybersecurity Innovation Awards recognize developments undertaken by companies and government agencies who have developed and deployed innovative processes or technologies which are innovative in that it has not been deployed effectively before, can show a significant impact on reducing cyber risk, can be scaled quickly to serve large numbers of people, and should be adopted quickly by many other organizations. Nominations included most senior government officials involved with Cybersecurity as well as those from major Cybersecurity Information Sharing and Analysis Centers (ISACs). Corporations and individuals, including SANS instructors, also nominated innovations and each nomination was tested by the SANS Institute research department. More than 50 nominations were received and 14 were selected.
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and by far the largest source for information security training and security certification in the world. In addition to world-class training, SANS offers certification via the ANSI accredited GIAC security certification program. SANS offers a myriad of free resources to the Infosec community including consensus projects, research reports, newsletters, and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.