From Audit Guidelines to Red Team Attacks - Interview with Former Air Force CIO John Gilligan, Part 2




Government Information Security Podcast show

Summary: It's been nearly four years since John Gilligan retired as Air Force chief information officer, but he remains a force in influencing the future direction of government information security.

Earlier this year, Gilligan - president of the consultancy Gilligan Group - led a consortium of federal agencies and private organizations in developing the Consensus Audit Guidelines (http://www.govinfosecurity.com/new-guidelines-top-20-cybersecurity-controls-a-1228), which define the most critical security controls to protect federal IT systems. He also coauthored the influential Commission on Cybersecurity for the 44th Presidency report from the Center for Strategic and International Studies, a Washington think tank, which is helping shape federal government IT security policy.

In this second of a two-part interview with GovInfoSecurity.com Managing Editor Eric Chabrow, Gilligan explains the importance of the Consensus Audit Guidelines and how so-called red teams are critical in identifying vulnerabilities in government IT systems.

In the first part of the interview (http://www.govinfosecurity.com/interviews/securing-off-the-shelf-it-i-234), Gilligan explains the importance of core configuration and the challenges the government faces in expanding the program to other types of information and communication technologies.

Gilligan spent a quarter century in the government workforce, and also served as CIO of the Energy Department.