The SANS Institute and the Center for Internet Security (CIS), together with other organizations, developed the 20 Critical Security Controls (CSC) for Effective Cyber Defense.
CIS Controls are not a replacement for any existing compliance framework such as ISMS, NIST, CSF, PCI etc.; rather, they are a core building block toward any GRC journey.
What is CSC?
- Critical Security Controls are a recommended set of actions for effective cyber defence.
- They provide specific and actionable ways to stop today's most pervasive and dangerous attacks.
Why CSC?
- A principal benefit of the controls is that they prioritize and focus on a smaller number of actions with high pay-off results.
- The controls are effective because they are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a very broad community of government and industry practitioners.
- Created by people who know how attacks work, such as:
  - NSA Red & Blue team
  - US Dept of Energy
  - Nuclear energy labs
  - Law enforcement org.
  - Nation's top forensics and incident response org.
- A continued value is that the controls are updated based on new attacks that are identified and analyzed by groups from Verizon to Symantec.
- They address the key control requirements from various standards, frameworks & regulations at the operational level.
More details on CSC v7.0.1 can be found at https://www.cisecurity.org/controls/
Very Informative