Tripwire Releases E-book on the Top 20 Critical Security Controls (20 CSC)

E-book Compiles Popular Blog Series, Provides Easy Reference Tool for Executives

PORTLAND, OREGON — December 5, 2013 Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced the release of a new e-book entitled “The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities.” The e-book is designed to provide executive-level guidance on the implementation of critical baseline security controls necessary to maintain a robust network security posture.

The Top 20 Critical Security Controls (20 CSC) were developed in 2008 by the National Security Agency (NSA) at the direction of the secretary of defense in an effort to efficiently direct agency resources toward the network security issues being used in the greatest number of attack vectors. According to the Cybersecurity Law Institute, the 20 CSC are the “de facto yardstick by which corporate security programs can be measured.”

Tripwire’s The State of Security blog recently featured a series of articles examining each of the 20 CSC. Each article distills both the most important concepts in each critical security control and key process improvements that can be used to ensure the implementation of that control is successful. In response to community and industry requests, Tripwire compiled these articles into an e-book for executives interested in the implementation, expansion or improvement of their organizations’ cybersecurity program.

“Nontechnical executives often find cybersecurity a mystery,” said Rekha Shenoy, vice president of cybersecurity strategy for Tripwire. “They really want to know if their critical assets are secure and if their business is protected against the cyberattacks used in the most recent breach in the headlines. Unfortunately, when they ask security experts these questions, they typically receive technical, jargon-laden answers that do not build confidence. This e-book is designed to take the mystery out of cybersecurity by helping executives focus on a small set of validated security techniques created to protect critical business assets. It also provides executives with a communication framework that facilitates a deeper exchange of understandable information with their security teams.”

The free e-book is available for download now:

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at, get security news, trends and insights at or follow us on Twitter @TripwireInc.