Top Controls That Work

Posted on November 6, 2011 by


There are some (not so many)  pragmatic InfoSec control “charts” around  – and one of the most well known is probably the SANS’s (Top) 20 Critical Security Controls list.

Another one definitely worth your attention  is the Australian Department of Defence’s (Cyber Security Operations Centre’s) list of  the Top 35 Mitigation Strategies to Mitigate Targeted Cyber Intrusions.

For the 2011 update of that compilation the authors have won the 2011 US National Cybersecurity Innovation Award – and for a good reason.

The first 12 out of the 35 winners of mitigation strategies are the ones judged to have EXCELLENT overall security effectiveness, and categories 1 to 4  – the Top Four Mitigation Strategies –  have been shown to prevent  85 percent of targeted intrusions.

What hit me most though is the effectiveness and clearness of the list.
Just two pages – but more concrete, more useful, and more pragmatic than many 30+ pages “advice” I have seen published many times by the big players in IT consulting and research.

Here is the link:

Posted in: Open Knowledge