Meet John Gilligan. John Gilligan, the President of Gilligan Group, is a proven IT innovator with a strong blend of leadership and operational experience.
The Cyber Security Commission formed to advise the incoming Administration released its recommendations on December 8th. John Gilligan co-authored the report.
Managing Complexity. In his government career, Mr. Gilligan successfully managed some of the most complex IT development and integration programs.


Background and Participants

Consensus Audit Guidelines

PUBLISHED: February 23, 2009

NOTE: An updated version of this topic was published on November 13, 2009. For the latest up-to-date information, please visit the updated page

The CAG was initiated early in 2008 as a response to the extreme data losses experienced by leading companies in the US defense industrial base (DIB).

The defense industrial base is huge and using red teams to find security holes would have taken decades and would have found only a smattering of the problems. Quicker and more effective would be to build a risk-based standard of due care based on knowledge gained by DoD red teams and forensics experts. Very quickly the participants recognized that the attacks targeting the DIB were nearly identical to those targeting federal agencies (and sensitive organizations in developed and developing countries around the world).

The project took on a greater significance and more organizations agreed to get involved. Today, the team that can take credit for the current draft of the Consensus Audit Guide include the following;

  • + US National Security Agency Red Team and Blue Team
  • + US Department of Homeland Security, US-CERT
  • + US DoD Computer Network Defense Architecture Group
  • + US DoD Joint Task Force – Global Network Operations (JTF-GNO)
  • + US DoD Defense Cyber Crime Center (DC3)
  • + US Department of Energy Los Alamos National Lab, and three other National Labs.
  • + US Department of State, Office of the CISO
  • + US Air Force
  • + US Army Research Laboratory
  • + US Department of Transportation, Office of the CIO
  • + US Department of Health and Human Services, Office of the CISO
  • + US Government Accountability Office (GAO)
  • + MITRE Corporation
  • + The SANS Institute
  • + Plus Commercial penetration testing and forensics experts at InGuardians and Mandiant

The technical editor for the Consensus Audit Guidelines is Ed Skoudis, author of both Malware and Counter Hack Reloaded. Ed has trained more incident handlers and penetration testers, inside and outside government, than any other person and is often called to manage incident handling when major financial institutions or retailers have been breached.

Related Links