I am encouraged to see the many groups held responsible for protecting our sensitive government information are coming together with a common purpose. The federal government needs to focus limited resources on protecting our networks from consistent cyber attacks that threaten our national security and the 20 Critical Security Controls is a good first step.
- Senator Tom Carper, Chairman, U.S. Senate Committee on Homeland Security & Governmental Affairs, Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security
This is great! I think it will go a long way towards recalibrating the Federal cyber security efforts away from being what many have described as a report card driven paper-work exercise, to instead being now properly focused on meaningful efforts to improve the real security posture of our operational systems.
- Dan Galik, Chief Information Security Officer, US Department of Health and Human Services
I LOVE the 20 CSC!
- Mark Weatherford, Chief Information Security Officer, State of California
I have led teams investigating major attacks against DoD and commercial organizations. If these 20 CSC recommendations had been implemented, they would have been able to prevent simple attacks and would have enhanced the response capability against massive breaches before sensitive data was lost.
- Rob Lee, Mandiant
I was honored to be able to help. What excites me is this approach allows often resource constrained organizations to both focus on the most critical priorities and to implement solutions that are both practical and important.
- Dan Mintz, former CIO at the US Department of Transportation
The security community is spending far, far too much time blindly complying with controls which ultimately yield little or no (in all-too-many cases) positive impact on our security posture. By narrowing the focus, I'm certain we can begin to yield more return from the NIST-based security process.
- Wade Bicknell, E&E Enterprises Global
We have high regard for NIST's work. However, the problem for organizations trying to follow NIST's guidelines amid today's increasing cyberthreats is akin to confronting a raging new pandemic with an encyclopedic field guide to holistic health care.

"We're bleeding badly. And we need triage to focus on the things that will keep the patient alive," said 20 CSC project leader John Gilligan, who formerly was CIO of the Air Force and Energy Department, at a news conference last month.
What's needed now is for a variety of federal agencies to conduct pilot implementation projects to validate and refine the 20 CSC initiative. The outcome has the potential to significantly strengthen not only federal information systems but also enterprise networks worldwide.
- Wyatt Kash, editor of Government Computer News
http://gcn.com/Articles/2009/03/09/Editors-Desk-CAG-Security-Triage.aspx