Introduction to the 20 Critical Security Controls
Proactive cyber defence may seem like a daunting task if you don’t have a focused plan of action to assess and improve your organisation’s security controls. Security professionals are aware that all vulnerabilities, whether on a system, network or application level, cannot be patched at the same time. The nature of your company’s business – such as industry, workforce mobility, and regulatory environment – also guides the level of security you need for your data and infrastructure.
The good news is that there are about 20 fundamental Critical Security Controls that, according to the Center for Internet Security, all organisations should have implemented regardless of their maturity, size or industry. These controls, on which we have focused our FREE High-Level 1-Day IT Security Risk Assessment, are prioritised to help companies focus their cyber defence efforts on high-impact areas first. We refer to these well-vetted controls as we assess companies’ security policies and actual procedures, allowing organisations to identify, protect, detect, respond to and recover their IT infrastructures according to industry best practices.
As an exciting way to kick-start the New Year, we will be covering each control’s focus area briefly over the next 20 weeks. To anchor the control in practical application, we will include how each technology within our portfolio addresses the various subcomponents of the various controls — you can choose which technology you want to read more about. This will help you make an informed decision on maintaining the right technology for your organisation’s unique infrastructure and reveal the inherent importance of measuring and improving your organisation’s maturity in proactively curbing cyber threats.
What to look forward to next week: Critical Security Controls #1: Inventory of Authorised and Unauthorised Devices