
This post is second in a series on Cyber Security Preparedness, and follows step 1: Cyber Security Awareness. Today we look at the establishment of Critical Security Controls.
As security professionals, we all know that assurances come through the process of establishing and measuring controls. Cyber security is no different.
The Council on Cybersecurity, the Center for Internet Security, SANS, and others have compiled a list of Critical Security Controls – now in their 5th revision. The document provides a roadmap for implementing the 20 Critical Security Controls (CSC) and their many associated sub-controls. Has CSC been added to your control framework? Start your assessment now, before the next incident or audit.
Five key sub-controls are your starting point:
- CSC 2.1 – Deploying application whitelisting technology
- CSC 3.1 – Implementing a standard configuration for operating systems
- CSC 3.2 – Automating the patching of the OS and applications
- CSC 3.3 – Limiting administrative privileges
- CSC 4.1 – Performing automated vulnerability scans at least weekly
The foundation is established through numerous other Quick Wins. Further refinement comes from the sub-controls that add visibility and improve configurations.
Note:
Critical Security Controls have been considerably advanced since this post. Version 5 is no longer accessible. For the latest control set, see: https://www.cisecurity.org/controls/v8