Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices are indispensable to organizations both large and small. By adopting these sets of controls, organizations can prevent the majority of cyberattacks.
20 Critical Security Controls for Effective Cyber Defense
A study of the previous release found that by adopting just the first five controls, 85 percent of attacks can be prevented. Adopting all 20 controls will prevent upwards of 97 percent of attacks. With this release, one of the main goals was to be consistent with the workflow of each set of controls. Even existing controls that did not change much in terms of content saw a shuffling of the order of requirements. For each control, we will now see an abstract version of assess, baseline, remediate, and automate.
Additionally, the language has been cleaned up considerably from previous revisions. Now we see very concise wording, which has a higher abstraction than previous releases. This will be great in terms of allowing the set of controls to fit a wider range of platforms and attacks.
However, it leaves it up to the organization and the tools at their disposal on how to actually implement the controls. This may be challenging for organizations going at it alone, so enterprises should work with their security vendors, as they can provide guidance on the “in the weeds” details of various controls.
Many of the existing controls have stayed the same, albeit with some consolidation to remove duplicate requirements or simplify some wording.
A Quick Overview of Each CIS 20 Critical Control
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/cis-top-20-critical-security-controls/