sponsored by Lumension
Posted:  13 Aug 2009
Premiered:  Aug 13, 2009
Format:  Audio
Type:  Podcast
Language:  English
The "Critical Security Controls" (CSC) guidelines (previously known as the "Consensus Audit Guidelines," or CAG) are designed to help organizations move beyond a "checklist" mentality by making security an integral part of, instead of an adjunct to, the operations and management of systems and networks. Based on known "real world" attack vectors, it helps organizations by prioritizing IT security expenditures so they get the most value from their IT security spend. Though the initial framework was focused on federal agencies, the CSC might impact organizations beyond just US governmental agencies. Since 85% of the critical public infrastructure (think communications, power, transportation, financial and more) are in private hands, the notions suggested in CSC are expected to force their way into those arenas (via, for instance, NERC and CFATS). The CSC consists of 20 Critical Controls; the first 15 of these should be automatically measured and validated, while the last five cannot be automatically assessed with today's technology. These 20 controls are made up of 142 different implementation guidelines.

Listen to this podcast to learn more about the CSC guidelines and how they can help your organization.

Government Information Security | Information Security | Security | Security Best Practices | Security Management | Security Spending | Security Standards

View All Resources sponsored by Lumension

About TechTarget:

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines

All Rights Reserved, Copyright 2000 - 2014, TechTarget | Read our Privacy Statement