Meet John Gilligan. John Gilligan, the President of Gilligan Group, is a proven IT innovator with a strong blend of leadership and operational experience.
The Cyber Security Commission formed to advise the incoming Administration released its recommendations on December 8th. John Gilligan co-authored the report.
Managing Complexity. In his government career, Mr. Gilligan successfully managed some of the most complex IT development and integration programs.


Next Steps on Consensus Audit Guidelines



UPDATED: November 13, 2009

A three-pronged effort is moving the Consensus Audit Guidelines toward broad adoption:

  1. Pilot implementation: Pilots will be conducted in several federal agencies this year to test the CAG for value and cost compared with what the agencies would have done under their current practices. The U.S. Department of State has been the most active department in implementing the 20 Critical Controls.

  2. CAG Automation Tools Workshops: A series of workshops will be held in which federal users who have already automated controls identified in the CAG can present the lessons they have learned about what works and why. The workshops will produce requirements documents for automating each of the fifteen controls. Government procurement efforts such as the GSA SmartBuy program and the DoD Enterprise Systems and Solutions Group can use these documents to begin government-wide procurement of the necessary technologies.

     Initial results of the tool evaluation can be found at the SANS web site.

  3. Global validation: During the comment period, the CAG will be closely compared with the audit guides for ISO 2700x, HIPAA, GLB, PCI, and SOX compliance testing to determine whether any of these include controls and tests that do a better job of blocking or mitigating known attacks.

