Presidential Advisory Commission on Cybersecurity Recommendations Point to Security Testing as a Key to Validating and Improving Cybersecurity

Presidential Advisory Commission on Cybersecurity Recommendations Point to Security Testing as a Key to Validating and Improving Cybersecurity

CSIS Commission Report “Cybersecurity Two Years Later” Builds on the Office of Management and Budget’s (OMB) Memo 10-15 Insisting that Continuous Testing and Monitoring is Critical to Improving the Cybersecurity Standing of the United States

BOSTON – February 2, 2011 - Core Security Technologies, the market’s leading provider of IT security test and measurement software solutions, today applauded recommendations released by the CSIS (Center for Strategic and International Studies) Commission on Cybersecurity for the 44th Presidency. Several portions of the guidance, which is contained in the report “Cybersecurity Two Years Later,” are best achieved by deploying comprehensive security test and measurement, of the kind provided by Core Security. In particular, Core’s recently released CORE INSIGHT Enterprise solution provides automated and continuous testing that can enable government agencies and those who provide services to the US government to comply with various elements of the commission’s recommendations.

Core Security’s Vice President of Security Awareness and Government Affairs Tom Kellermann has been a member of the CSIS commission since its inception as a cybersecurity advisory to the President in 2008. Kellermann published his thoughts on the commission’s recommendations on Core Security’s blog:  He notes how the cybersecurity landscape has changed worldwide since the commission published an early report two years ago.

Kellermann summarizes the report this way: “Critical infrastructures are under constant attack, and they must identify how their critical assets are exploitable before they are compromised by foreign parties.  Regular testing, using real-world methods is one of the only ways to verify that systems and data are effectively protected against the Advance Persistent Threats (APTs) that face our nation. The commission’s recommendations recognize this fact.”

Core Security notes the following commission recommendations where its solutions can aid in both meeting the guidance and providing a framework for validating and measuring an organization’s overall security effectiveness:

  • In its recommendations the commission suggests better metrics for evaluating the security of critical infrastructure, especially as part of continuous monitoring of an entity’s security. CORE INSIGHT Enterprise provides continuous testing and measurement, allowing government agencies and public-sector companies to benchmark the security of their systems, answering the question: “Are your critical assets exposed?”

  • A related recommendation suggests changing the way the federal government buys products to ensure deployed IT solutions are secured. Specifically, testing and measurement of third-party managed service providers is advised so that these solutions are monitored continuously.

  • The commission recommends building an expanded workforce with adequate cybersecurity skills. The first certification to be issued this spring by the congressionally funded National Board of Information Security Examiners (NBISE) is expected to cover penetration testing. Core Security’s CORE IMPACT Pro is the solution of choice to conduct comprehensive penetration testing. Numerous agencies within the federal government already use CORE IMPACT Pro to improve the efficiency and effectiveness of their internal testing teams. The company is participating in NBISE certification development.

  • Finally, one of the recommendations stresses the need for focused research and development on cybersecurity. Dr. Douglas Maughan from the Department of Homeland Security has noted ten critical gaps in cybersecurity, and the commission suggests funding research to address these gaps. The second issue outlined by Dr. Maughan is the need for additional metrics and testing.

About Core Security Technologies

Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and prove real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.

Core Security’s software solutions build on over a decade of trusted research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at:


Lesley Sullivan

Schwartz Communications

781 684-0770

Wed, February 02