There are a few (not so many) pragmatic InfoSec control "charts" around, and one of the best known is probably the SANS (Top) 20 Critical Security Controls list.
Another one definitely worth your attention is the list of the Top 35 Mitigation Strategies to Mitigate Targeted Cyber Intrusions from the Australian Department of Defence's Cyber Security Operations Centre.
For the 2011 update of that compilation the authors have won the 2011 US National Cybersecurity Innovation Award – and for a good reason.
The first 12 of the 35 mitigation strategies are the ones judged to have EXCELLENT overall security effectiveness, and strategies 1 to 4 (the Top Four Mitigation Strategies) have been shown to prevent 85 percent of targeted intrusions.
What struck me most, though, is the effectiveness and clarity of the list.
Just two pages, yet more concrete, more useful, and more pragmatic than many of the 30+ page "advice" documents I have seen published time and again by the big players in IT consulting and research.
Here is the link: http://www.dsd.gov.au/publications/Top_35_Mitigations.pdf
Posted on November 6, 2011 by Heiko Herrmann