The Twenty Critical Security Controls (20 CSC) have emerged as the “defacto yardstick by which corporate security programs can be measured,” according to the Cybersecurity Law Institute.
The development of this set of standards was first undertaken in 2008 by the National Security Agency at the behest of the Secretary of Defense in an effort to efficiently direct resources towards combating the most common network vulnerabilities which resulted in the greatest number of attack vectors, and they provide guidance for the broadest baseline technical controls that are required to ensure a robust network security posture.
The 20 CSC were previously governed by SANS, but the ongoing development and adoption of the controls are now the responsibility of the Council on CyberSecurity, an independent, expert, not-for-profit organization with a global scope. Over the course of the last year, Tripwire has featured a series of articles on The Sate of Security detailing elements of the 20 CSC (see list of article links below), and the response from the community has been tremendous.
“As the Chief Risk Officer for HP Enterprise Security Services, I would like to formalize this series of articles into a set of 20 guidance documents to house in our online Security Policy Reference Library internally in HP, in order to make them available to our worldwide audience of Account Security Officers,” said Andrea Simmons, Chief Risk Officer & Global Head of Security Policy for Enterprise Security Services at Hewlett Packard.
“We have an extensive Security Policy framework as part of our Information Security Management System (ISMS) and it takes a lot of ‘care and feeding.’ I have found these articles really helpful in separating out the key elements and providing helpful explanatory context and guidance. My aim is to ensure that our security, risk and compliance teams have access to great supporting resources like the 20 Critical Controls,” Simmons continued.
We thought that was a great idea, so we have compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
This publication is designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture.
The author, a security and compliance architect, examined each of the Controls and has distilled key takeaways and areas of improvement. At the end of each section in the e-book, you’ll find a link to the fully annotated complete text of the Control.
Download your free copy of The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities today.
- Using the SANS Top 4 Controls to Measure and Reduce your Attack Surface
- The SANS 20 CSC and Tripwire Solutions: Detailed Mapping of the Sub-controls
- The SANS 20 CSC and Tripwire Solutions: Accelerate Your Security
P.S. Have you met John Powers, supernatural CISO?
Title image courtesy of ShutterStock