PALM HARBOR, Fla., Oct. 7 /PRNewswire/ -- (ISC)2® ("ISC-squared"), the world's largest information security professional body and administrators of the CISSP®, today announced the winners of its seventh annual U.S. Government Information Security Leadership Awards (GISLAs).
GISLA judges, who include some of the most accomplished information security leaders across both the public and private sectors, evaluated the achievements of a select group of nominees and awarded GISLAs to one individual and one team in each of five distinct categories. The 2010 GISLA winners are as follows:
Category: Federal Contractor
Kenneth A. Buszta, CISSP-ISSMP, CISM, CHS-III, CRMP, NSA IAM, NSA IEM, is a federal contractor with Integrity Applications Incorporated and was charged with improving the security posture of the Tomahawk Command and Control System (TC2S). Not only did he address over 300 open vulnerabilities, but his efforts resulted in the development of a Quarter IA vulnerability analysis process that was applied in the SIPRNET network.
The Military Satellite Communications Systems Wing (MCSW) Certification and Accreditation (C&A) team, comprised of 15 highly trained and certified professionals, planned and executed a full "cradle to grave" C&A program, positively impacting the security and integrity of $41 billion in military communications assets. The team utilized government and industry standards, along with a systems and software engineering perspective throughout the entire lifecycle.
Category: Workforce Improvement
Thomas W. Schankweiler III, chief information security officer, Office of the Secretary, Department of Health and Human Services (HHS), is recognized for developing and implementing a comprehensive information security program within the Office of the Secretary of HHS. During the implementation of this program, Mr. Schankweiler emphasized the importance of educating the workforce on the challenges of IT security and related privacy issues. Recognizing that people were a key component of the security program for the Office of the Secretary, he ensured that his co-workers fully understood their responsibilities for assuring the protection of the sensitive information resident on IT systems used within his organization.
The National Defense University (NDU) "Assuring the Information Infrastructure (AII)" team, under the leadership of Professor Mark Duke, educates government officials and military officers in information assurance and critical information infrastructure protection. The team demonstrated its dedication and flexibility by rapidly deploying a "virtual" classroom during the 2010 snowstorms that engulfed the National Capital Region.
Category: Technology Improvement
Kenneth Kurz, chief of the National Cryptographic Solutions Management Office (NCSMO), National Security Agency (NSA) Information Assurance Directorate (IAD), has led the cryptographic capability transformation efforts across the Department of Defense (DoD), intelligence community and federal government to enable secure, interoperable and sustainable solutions that protect and defend our national security. In the past year, the office has exceeded many of its outlined goals, including reengagement of broad DoD senior leadership that led to the completion of a comprehensive 90-day review of the current cryptographic modernization environment driving needed changes across the community and spearheading the creation of an operational cryptographic risk assessment methodology.
The Lightweight Portable Security (LPS) team at the United States Air Force is led by senior software protection engineer, Rich Kutter, inventor and lead developer of the Lightweight Portable Security (LPS) security solution. The project was developed under the Department of Defense Research and Engineering's (DDR&E) Software Protection Initiative to provide trusted browsing and remote access for end-nodes. The LPS product is less than a year old and has already been deployed to over 30 organizations with more than 58,000 employees.
Category: Community Awareness
Erich Fronck, Network ISO at the Department of Veterans Affairs, established a security awareness tracking process that utilizes an existing enterprise system — with innovative components for tracking — and has significantly improved the VA's security awareness training compliance.
The Global Cyber Security Management (GCSM) team at the U.S. Department of Homeland Security has elevated awareness throughout the cybersecurity community by leading the interagency efforts focused on the National Initiative for Cyber Security Education (NICE), providing and facilitating government-wide access to on-demand information technology security training for over 100,000 users and implementing a community college Centers of Academic Excellence program.
Category: Process/Policy Improvement
April Giles, program manager and chief architect of the General Services Administration's FIPS 201 Evaluation Program, created the vision and identified an appropriate protocol for certificate validation (as a core part of the HSPD-12 identification standard for X.509 certificates) requests/responses for the Server-based Certificate Validation Protocol (SCVP). As a direct result of April's challenging process improvement effort in the area of certification, all agencies government-wide are able to verify, in real-time and at a very low cost, certificate credentials for authenticating and then authorizing employee and contractor access to government facilities and computer-based assets.
The Defense Business Systems Acquisition Executive (DBSAE) team at the Business Transformation Agency for the Department of Defense is recognized for their process improvement of contractual language formalization that has and will continue to result in a more secure IT acquisition process for DoD business operations, a very secure and more cost-effective software development methodology and a simplified C&A process to ensure that risk is quickly identified and mitigated.
For more information on the GISLAs, including past winners, selection criteria and eligibility requirements, please visit www.isc2.org/gisla.
© 2010, (ISC)2 Inc. (ISC)2, CISSP, ISSAP, ISSMP, ISSEP, and CSSLP, CAP, SSCP and CBK are registered marks of (ISC)2, Inc.