SANS Institute

SANS Institute is an official knowledge partner of Edgis, working with us to promote cyber security awareness among our clientele, which includes 501c charities, non-profit organizations, academic institutions and SMEs.

20 Critical Security Controls

  1. Inventory of authorised and unauthorised devices
  2. Inventory of authorised and unauthorised software
  3. Secure configurations for hardware and software on laptops, workstations, and servers
  4. Continuous vulnerability assessment and remediation
  5. Malware defences
  6. Application software security
  7. Wireless device control
  8. Data recovery capability
  9. Security skills assessment and appropriate training to fill gaps
  10. Secure configurations for network devices such as firewalls, routers, and switches
  11. Limitation and control of network ports, protocols, and services
  12. Controlled use of administrative privileges
  13. Boundary defence
  14. Maintenance, monitoring, and analysis of security audit logs
  15. Controlled access based on the need to know
  16. Account monitoring and control
  17. Data loss prevention
  18. Incident response capability
  19. Secure network engineering
  20. Penetration tests and red team exercises

You can find a list of user-vetted tools to automate part or all of the controls listed above.

Securing the Human: Getting Stakeholder Support

More useful links