SANS Institute is an official knowledge partner with Edgis to promote cyber security awareness with our clientele which includes 501c charities, non-profit organizations, academic institutions and SMEs.

20 Critical Security Controls

1. Inventory of authorised and unauthorised devices
2. Inventory of authorised and unauthorised software
3. Secure configurations for hardware and software on laptops, workstations, and servers
4. Continuous vulnerability assessment and remediation
5. Malware defences
6. Application software security
7. Wireless Device Control
8. Data recovery capability
9. Security skills assessment and appropriate training to fill gaps
10. Secure configurations for network devices such as firewalls, routers, and switches
11. Limitation and control of network ports, protocols, and services
12. Controlled use of administrative privileges
13. Boundary Defence
14. Maintenance, monitoring, and analysis of security audit logs
15. Controlled access based on the need to know
16. Account monitoring and control
17. Data loss prevention
18. Incident response capability
19. Secure network engineering
20. Penetration tests and red team exercises

You can find a list of user vetted tools to automate part or all of the controls listed above.

Securing the Human: Getting Stakeholder Support

• Stakeholder Presentation
• Employee Survey
• Data Breaches
• Compliance Requirements

More useful links

• CWE/SANS Top 25 Most Dangerous Software Errors
• Information Security Policy Templates
• SANS Security Awareness Training
• SANS Security Awareness Presentations
• SANS Monthly Security Awareness Newsletter (OUCH!)
• SANS Securing the Human Blog
• … More Security Awareness Resources