Top 20 Critical Security Controls

You know, I really dig SANS for putting things together. On their page called Critical Security Controls for Effective Cyber Defense, they list the top 20 critical security controls.

I’m actually amazed at how quite a few companies do not place high emphasis on some of these. I worked for one company that thought security was ONLY having anti-virus.

Each of these security control links tell you why the control is critical, how to implement the control, procedures and tools, effectiveness metrics, automation metrics, effectiveness test, and diagraming it out for documentation of your implementation. It is nearly foolproof.  That being said doesn’t mean every place has a budget for this. I was in a conference today where I heard that socializing the concept will allow for better adoption, which can be used with executive management to drive the point of securing funding for complete implementation and maintenance.

 

 

This entry was posted in Security Blog and tagged , , , , , , . Bookmark the permalink.