SANS Institute made available a prioritised baseline of information security measures and controls that allows organisations to focus their spending on the key security controls that protect against known attacks and detect attacks that occur.

For each of the 20 controls a number of properties are described in detail:

• How do attackers exploit the lack of this control?
• How can this control be implemented, automated, and its effectiveness measured?
• Procedures and tools for implementing and automating this control:
• Control metrics
• Control test details
• Referencing to NIST SP 800-53

http://www.sans.org/critical-security-controls/

SANS also offers the 20 Critical Security controls document available in PDF version.

This entry was posted on Wednesday, April 28th, 2010 at 9:04 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.