News / Critical Security Controls Survey: Moving From Awareness to Action
New and more robust security standards and frameworks developed to address risks to enterprise IT systems and the critical data.
Whilst security controls are not very exciting, they do help to keep organisations safe. Many security standards and frameworks have been developed in recent years to address risks to enterprise systems and the critical data within them. Much to our regret, many are simply compliance exercises that have diverted security programme resources away from potentially dangerous attacks that require much more attention.
In 2008, the U.S. National Security Agency (NSA) recognised this problem and began an effort that took an “offense must inform defense” approach to prioritising a list of the controls that would have the greatest impact in reducing risk against real-world threats.
A consortium of U.S. and international agencies quickly grew and recommendations for what were to become the Critical Security Controls (CSCs) were coordinated through the SANS Institute. The SANS Institute was established in 1989 as a cooperative research and education organisation and its programmes now reach more than 165,000 security professionals around the world.
A number of questions, including “how well are the CSCs known in government and private industry?” and “how are they being used?” were posed to 699 respondents through a recent online survey conducted by the SANS Institute. The survey was sponsored by IBM and the results show that CSCs have quickly reached a high level of visibility and, crucially, are being given the necessary attention and support at high levels.
We think this paper is the latest thing and is well written, so, if you run security for your company, then you really should read it.
If you think we can help with your corporate security then please get in touch.