SANS: 20 critical security controls you need to add
Tim Greene | Oct. 14, 2015
A list of the controls you need plus how to implement them
Prioritizing security measures is the first step toward accomplishing them, and the SANS Institute has created a list of the top 20 critical security controls businesses should implement.
They include some obvious steps, such as getting a comprehensive inventory of all network devices and software, implementing secure hardware configurations and providing for data recovery, but also get into areas that are less evident.
Some of these items can be costly and include regularly scheduled assessments (penetration testing and red-team assessments, for example), so they require funding through annual security operating budgets.
Even if an organization can’t handle all 20, it’s a good list to include in a comprehensive set of goals that gets updated periodically as the threat landscape changes.
SANS offers a course on this, but here’s the list with links to recommended implementation steps: