3. Continuous vulnerability assessment and remediation
Most attacks exploit known vulnerabilities--publicly disclosed flaws that vendors have already developed patches for. Even if there is no active exploit in the wild, once a vendor releases a patch attackers can reverse-engineer it to create a new attack. A system of vulnerability assessment and patch management will help you plug those holes before attackers find them.
New vulnerabilities are discovered almost constantly, though, so almost as soon as you conduct a vulnerability scan the results are outdated. If you use a tool like QualysGuard, or nCircle PureCloud, you can set up automated vulnerability scans to be conducted on a regular basis.
4. Malware defenses
The vast majority of attacks come in the form of malware, including viruses, worms, Trojans, botnets, and rootkits. If you have antimalware protection in place--such as McAfee Internet Security 2013 or BitDefender Internet Security 2013--and keep it updated regularly, it should be able to detect and block known malware threats. Most antimalware tools also include heuristic techniques capable of identifying suspicious or malicious behavior to defend against new, unknown attacks.
The 20 Critical Security Controls have been around for a few years, but they're periodically updated. This latest is version 4.0.
Sign up for CIO Asia eNewsletters.