The Critical Security Controls – Moving Beyond the Checklist Mentality

The Critical Security Controls – Moving Beyond the Checklist Mentality

The "Critical Security Controls" (CSC) guidelines (previously known as the "Consensus Audit Guidelines," or CAG) are designed to help organizations move beyond a "checklist" mentality by making security an integral part of, instead of an adjunct to, the operations and management of systems and networks. Based on known "real world" attack vectors, it helps organizations by prioritizing IT security expenditures so they get the most value from their IT security spend. Though the initial framework was focused on federal agencies, the CSC might impact organizations beyond just US governmental agencies. Since 85% of the critical public infrastructure (think communications, power, transportation, financial and more) are in private hands, the notions suggested in CSC are expected to force their way into those arenas (via, for instance, NERC and CFATS). The CSC consists of 20 Critical Controls; the first 15 of these should be automatically measured and validated, while the last five cannot be automatically assessed with today's technology. These 20 controls are made up of 142 different implementation guidelines.

Listen to this podcast to learn more about the CSC guidelines and how they can help your organization.

13 Aug 2009
Aug 13, 2009
Already a Bitpipe member? Login here

Download this Podcast!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.