Skip to content ↓ | Skip to navigation ↓

Tripwire has announced the release of a new e-book entitled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is designed to provide executive-level guidance on the implementation of critical baseline security controls necessary to maintain a robust network security posture.

picThe Top 20 Critical Security Controls (20 CSC) were developed in 2008 by the National Security Agency (NSA) at the direction of the secretary of defense in an effort to efficiently direct agency resources toward the network security issues being used in the greatest number of attack vectors.

According to the Cybersecurity Law Institute, the 20 CSC are the “de facto yardstick by which corporate security programs can be measured.”

Tripwire’s The State of Security blog recently featured a series of articles examining each of the 20 CSC. Each article distills both the most important concepts in each critical security control and key process improvements that can be used to ensure the implementation of that control is successful.

In response to community and industry requests, Tripwire compiled these articles into an e-book for executives interested in the implementation, expansion or improvement of their organizations’ cybersecurity program.

“Nontechnical executives often find cybersecurity a mystery,” said Rekha Shenoy, vice president of cybersecurity strategy for Tripwire. “They really want to know if their critical assets are secure and if their business is protected against the cyberattacks used in the most recent breach in the headlines.”

“Unfortunately, when they ask security experts these questions, they typically receive technical, jargon-laden answers that do not build confidence. This e-book is designed to take the mystery out of cybersecurity by helping executives focus on a small set of validated security techniques created to protect critical business assets. It also provides executives with a communication framework that facilitates a deeper exchange of understandable information with their security teams,” Shenoy continued.

The free e-book is available for download now:



Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.

* Show how security activities are enabling the business

* Balance security risk with business needs

* Continuously improve your extended enterprise security posture