Reducing Federal Systems Risk with the SANS 20 Critical Controls

The big news from RSA this year was the announcement out of the Department of Homeland Security (DHS) that U.S. and Canadian government agencies are adopting the SANS 20 Critical Security Controls as a standard. While the Federal Information Systems Management Act or 2002 (FISMA) and NIST guidelines such as NIST 800-53 provide a more comprehensive set of information assurance controls, the SANS 20 Critical Controls project has endeavored to create an effective, prioritized, and manageable set of assurance controls that is more achievable.


In this webcast, government security expert, G. Mark Hardy, will discuss how U.S. federal agencies and other government organizations can reduce risk using the SANS 20 Critical Controls while still meeting their legal FISMA mandates. He will show the benefits of using these controls not simply to achieve compliance with a standard, but to reduce risk and limit the effects of cyber attacks. With the recent proliferation of cyber attacks and headline grabbing cyber incidents, he will discuss how the SANS 20 Critical Controls can be used to help protect an organization's information systems.