The Top 10 Critical Security Controls

The Top 10 Critical Security Controls

Receive-EmailAbout our Governance, Risk and Compliance Services

When trying to gain an understanding of critical security controls, it is important to remember that cyberspace, despite its current looming presence, is a relatively new phenomenon. In this article, we will examine the top 10 (of the 20) critical security controls and what organizations can do to improve on them.

20 Critical Secuirty ControlsCyberspace is defined as “an operational domain framed by use of electronics to…exploit information via interconnected systems and their associated infrastructure,” and while the US Defense Department sponsored a modest connection of a few computers called ARPANET (Advanced Research Projects Agency Network) in 1969, and the World Wide Web was conceived in 1989, it has only been in the last decade and a half that the number of websites burgeoned and businesses began to use this new technology to shift production and procurement in complex global supply chains. In 1992, there were only a million users on the Internet; today, there are nearly three billion, and the Internet has become a substrate of modern economic, social and political life. And the volatility continues. Analysts are now trying to understand the implications of ubiquitous mobility, the “Internet of everything” and analysis of “big data.” Over the past 15 years, the advances in technology have far outstripped the ability of institutions to respond, as well as our thinking about security.

The development of a ranking of critical security controls was first undertaken in 2008 by the National Security Agency (NSA) in an effort to efficiently direct resources towards combating the most common network vulnerabilities, which resulted in the greatest number of attack vectors.

It’s becoming a predictable routine to see businesses and organizations of all sizes featured in breaking news headlines for yet another unforeseen compromise. Meanwhile, executives across all industries are asking themselves, “What can I do to make sure I’m not next?” The answer is not groundbreaking—the majority of attacks can be prevented with solutions that are known today.

In this article, we will examine the top 10 (of the above 20) critical security controls and what organizations can do to improve on them. The top 10 critical security controls are:

  1. Inventory Hardware Assets, Criticality and Location
  2. Inventory Software Assets, Criticality and Location
  3. Secure Configuration Servers
  4. Vulnerability Assessment and Remediation
  5. Malware Protection
  6. Application Security
  7. Wireless Device Control
  8. Data Recovery
  9. Security Skills Assessment
  10. Secure Configuration – Network

Please find listed below suggested key activities and takeaways for these top 10 critical security controls.

Click image to enlarge
criticalsecurity-chart

Hopefully you and your organization will find these tips useful. In a subsequent article, we will cover the next 10 critical security controls, as we examine numbers 11 to 20 on the critical security controls list.

Ask Our Experts

The information contained herein is not necessarily all inclusive, does not constitute legal or any other advice, and should not be relied upon without first consulting with appropriate qualified professionals.

Previous Post

Next Post