Awareness is key; having employees aware of the policies and practices that are enforced at a given point.

Ziring adds that the NSA has spent several years working with both industry partners and customers to develop effective whitelisting strategies (and whitelisting using Software Restriction Policies) and network access control, both generally considered awkward to implement and a nightmare to maintain in a world of constant updates and configuration changes.

We've been working on this very hard and it's been a big success. (Last November the SANS Institute awarded the IAD and their partner the Trusted Computing Group the 2011 National Cybersecurity Innovation Award. )

What worries the NSA?

Probably the biggest two worries for us right now are mobility and because the government wants that functionality the way that business wants it, but looks to NSA to tell them how to be secure while doing it.