20 critical controls for effective cyber defense

The SysAdmin, Audit, Network, Security (SANS) Institute is coordinating the development of technical measures and activities that help organizations build defences against cyber-attacks. The twenty agreed controls are:

  • Inventory of authorized and unauthorized devices
  • Inventory of authorized and unauthorized software
  • Secure configurations for hardware and software on laptops, workstations, and servers
  • Continuous vulnerability assessment and remediation
  • Malware defenses
  • Application software security
  • Wireless device control
  • Data recovery capability
  • Security skills assessment and appropriate training to fill gaps
  • Secure configurations for network devices such as firewalls, routers, and switches
  • Limitation and control of network ports, protocols, and services
  • Controlled use of administrative privileges
  • Boundary defense
  • Maintenance, monitoring, and analysis of security audit logs
  • Controlled access based on the need to know
  • Account monitoring and control
  • Data loss prevention
  • Incident response capability
  • Secure network engineering
  • Penetration tests and red team exercises

Read more – http://www.sans.org/critical-security-controls/

Read more – http://www.cpni.gov.uk/advice/infosec/Critical-controls/
