Match Game: Security Controls and Reported Incidents - Interview with John Streufert, State Department Deputy CIO and CISO, Part 2




Government Information Security Podcast show

Summary: When a consortium of federal agencies and private organizations circulated the Consensus Audit Guidelines (https://www.govinfosecurity.com/new-guidelines-top-20-cybersecurity-controls-a-1228) among federal agencies earlier this year, the IT security team at the State Department mapped these 20 most critical cybersecurity controls against security incidents reported by State to the Department of Homeland Security.

John Streufert, deputy chief information officer and chief information security officer at the State Department, reveals the results of the match in this interview and explains how that knowledge helps the department secure its worldwide IT systems and networks. In addition, Streufert discusses a new grading system employed by State aimed at reducing systems and network vulnerabilities.

In an earlier interview, Streufert discussed the department's Risk Scoring Program, which is aimed at pinpointing and correcting the worst vulnerabilities on any particular day on any of its worldwide systems and networks. That interview is available at https://www.govinfosecurity.com/interviews/beyond-fisma-state-depts-next-gen-metric-interview-john-streufert-i-276.

Streufert spoke with Information Security Media Group's Eric Chabrow, managing editor of GovInfoSecurity.com.