In a recent blog post on here, we discussed how a SANS survey shed light onto how important the SANS controls were as over 73 percent of the respondents said they have, or have plans to, adopt the security recommendations outlined by the SANS 2013 Critical Security Controls.
In recent light of the breaches of data security the government has had, a new report just came out that indicates the government is taking action in more ways than one and SANS 20 critical controls will be a key part of protecting government data.
It was just recently announced that former deputy secretary of the US Department of Homeland Security Jane Holl Lute will serve as president and CEO of a nonprofit Council on Cybersecurity, devoted to both encouraging the adoption of cybersecurity best practices and addressing the lack of skilled cyber-experts in the workforce.
According to Lute, "The council's main focus is to accelerate the widespread availability and adoption of effective measures in cybersecurity and practice in technology, with respect to workforce and policy to achieve and sustain security in cyberspace."
The council will also work with the SANS Institute to develop its 20 critical security controls and according to Lute will "assume the responsibility of leading ongoing efforts to continue to develop and evolve the controls." According to a SANS recent survey, operational silos within the IT security organization and between IT and other business departments are still the greatest impediment to implementing repeatable processes based on the controls. The survey found that only 10% of respondents said they felt they've done a complete job of implementing all of the controls that apply to their organizations.
This new council we think is important to the IT industry due to the fact that they are proactively taking the lead to implement and train IT employees to better address the many issues they face in cybersecurity as well as stressing the importance of utilizing the SANS critical controls. We here at EiQ recently implemented announced a ThreatVue™, the first out-of-the-box security monitoring solution that automates the implementation, analysis and remediation guidance of essential security controls as recommended by the Center for Strategic and International Studies (CSIS) and The SANS Institute for effective cyber defenses.
Our organization takes a innovative approach to the critical security controls implementation and security monitoring by proactively detecting critical security control failures, and providing actionable guidance and answers to improve an organization’s cyber defenses and overall security posture.
The council is sure to be a key asset in the industry as we see more and more companies’ adhering to the SANS 20 critical controls and implementing them into their security monitoring systems. There is certainly a need for a council like this as these controls grow and change, there will need to be a clear and concise effort amongst the IT community to train and inform the IT security personnel on the best practices and best way to utilize the SANS critical controls.
Learn more about monitoring information security controls.