Critical Security Controls: From Adoption to Implementation

The Critical Security Controls (CSCs), a well-known roadmap for enterprise information assurance published and maintained by the Council on CyberSecurity, are being widely adopted across the financial and government sectors, according to the second SANS survey on CSC adoption. More than 20% of the 328 IT security professionals taking the survey were from financial industries, while another 18% represented government agencies. High-tech, energy/utilities, health care and other verticals also represented between 6% and 8% of survey takers, indicating that these segments are becoming aware of and active in implementing some of the controls.

Key findings include:

  • Respondents report that 90% of their organizations are adopting or planning to adopt some or all of the CSCs.
  • Barriers to adopting and automating the controls include insufficient staffing (63%), lack of budget (54%) and silos between IT security and operations (36%).
  • Of those measuring improvements from implementing the CSCs, 24% cite clearer visibility as their top improvement, while 16% cite improvements to overall risk posture, vulnerability reduction and compliance improvements. Another 11% cite detecting advanced attacks as an area of improvement.
