In concert with a global consortium of agencies and experts from private industry, the SANS Institute created a list of 20 actionable controls with high payoff. I like this framework a lot because it is practical and straightforward.
Other frameworks like the ISO 27000 series and COBIT certainly have their place. But those 100+ page documents are just too big and too theoretical to be of practical value for most of us and many of our organizations. The SANS 20 list, on the other hand, is something you can start using today, yet it has sufficient depth and the ongoing commitment of a dynamic organization like SANS to make it something you keep coming back to. The framework actually provides specific recommendations on how to implement each control at a technical level. The only other framework (well, more of a regulatory requirement) that comes close to this list in terms of pithy, practical guidance is PCI, believe it or not.
Here's a quick rundown of the SANS 20:
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols, and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises
In this webinar I will briefly introduce you to the entire list, but then I will focus on the controls that relate to endpoint security, which are 1-4, 6, 12 and 18.
If you follow my work, you know that my biggest area of concern is the endpoint; that is where I see us losing the battle, based upon my own security assessment practice and research, and that is only reinforced by the available details of high-profile data breaches.
So I think the endpoint is probably the best place for most of us to start with the SANS 20 list. Therefore, I asked the KACE team at Dell Software to sponsor this real training for free ™ event. Ken Chalberg from Dell will briefly show you how their easy-to-use, appliance-based systems management solutions can help you implement and automate the endpoint and operational related security controls of the SANS 20.
Don't miss this real training for free ™ event. Please register now!