Government Technology Leadership Awards Privacy and Security

Showed the way for other agencies to secure their systems without blowing their budgets. Found an inexpensive way to provide critical education.
NASA-Wide Security Vulnerability Remediation Program
NASA

People and viruses are always trying to break into NASA's computers, and protecting 80,000 systems across 10 field centers sometimes seemed impossible.

In the 1990s, too many hackers and viruses got in, and NASA had to do something about it. But preventing all break-ins, as any experienced online guardian will tell you, is untenable, since systems have tens of thousands of vulnerabilities.

So NASA prioritized, aiming its guns at the 50 most serious holes in its systems. The agency regularly updated its list of top security worries, ordering security specialists across the country to focus on those rather than on every minor hole that popped up. As a result, the percentage of successful attacks on NASA computers decreased 30 times over two years, even as the number of attempts increased. The better security lets the agency's scientists focus on space exploration instead of computer security. Plus, the improved security costs less than $3 million in labor and software per year.

"We fixed our most important problems first," says David Nelson, NASA's deputy chief information officer.

-Brian Friel

WHY IT WON

WHY IT'S INNOVATIVE
Locks the most frequently opened doors before hackers and viruses come knocking.

WHAT IT CHANGED
Chose to prevent attacks rather than just clean up after them.



Virginia's Information Security Awareness Training
State of Virginia

Everyone agrees that training government employees to be security conscious is a good idea, but did you ever stop to think how much it costs? Jim Adams found out.

The director of security for the Virginia Department of Information Technology searched for a program to train thousands of state employees on cybersecurity awareness, and discovered it would cost upwards of $100 per employee each year. In the face of a $5 billion deficit, that kind of spending would have been impossible.

Refusing to give up, the state worked out a deal with online training organizations and established an automated, customized program that costs only $2.50 per employee to operate.

The Web-based training is already in use by almost 200 employees in Adams' department. In two to three sessions, employees learn about hacker threats, virus protection, e-mail use and computer access management.

-Alan Paller, SANS Institute

WHY IT WON

WHY IT'S INNOVATIVE
Program was partly home-grown and costs less than cleaning up a cyber attack.

WHAT IT CHANGED
Employees are learning how to protect the systems they work on every day.