The Twenty Critical Security Controls (20 CSC) have emerged as the “de facto yardstick by which corporate security programs can be measured,” according to the Cybersecurity Law Institute.

The 20 CSC were previously governed by SANS, but the ongoing development and adoption of the controls are now the responsibility of the Council on CyberSecurity, an independent, expert, not-for-profit organization with a global scope.

Prioritizing implementation of the 20 CSC can be daunting. In this video, the Council on CyberSecurity’s Tony Sager and Keren Cummins, Tripwire’s Director of Federal Solutions, discuss strategies for efficacy.

See you soon!



Related Resources:


The Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].


Definitive Guide to Attack Surface Analytics

Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.


Title image courtesy of ShutterStock

  • Christina Ayiotis

    Thanks for citing the Georgetown Cybersecurity Law Institute where Tony Sager gave the luncheon keynote on the Critical Controls last May. I hope everyone joins us May 21-22, 2014 for the 2nd Annual Cybersecurity Law Institute in Washington, DC.

Cindy Valladares

Cindy Valladares has contributed 147 posts to The State of Security.
