Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Twenty critical controls for effective cyber defence

The UK Centre for the Protection of National Infrastructure has released a new guidance document which details the ‘Top Twenty Critical Security Controls’. These provide a baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defence.

The Centre for the Protection of National Infrastructure is participating in an international government-industry effort to promote the top twenty critical controls for computer and network security. The development of these controls is being coordinated by the SANS Institute.

The controls are:

Control 1 - inventory of authorised and unauthorised devices
Control 2 - inventory of authorised and unauthorised software
Control 3 - secure configurations for hardware and software on laptops, workstations, and servers
Control 4 - continuous vulnerability assessment and remediation
Control 5 - malware defences
Control 6 - application software security
Control 7 - wireless device control
Control 8 - data recovery capability
Control 9 - security skills assessment and appropriate training to fill gaps
Control 10 - secure configurations for network devices such as firewalls, routers, and switches
Control 11 - limitation and control of network ports, protocols, and services
Control 12 - controlled use of administrative privileges
Control 13 - boundary defence
Control 14 - maintenance, monitoring, and analysis of security audit logs
Control 15 - controlled access based on the need to know
Control 16 - account monitoring and control
Control 17 - data loss prevention
Control 18 - incident response capability
Control 19 - secure network engineering
Control 20 - penetration tests and red team exercises.

Read the document.

•Date: 13th January 2012 • UK •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here