A consensus of defensive and offensive security practitioners developed the SANS 20 Security Controls. In their implementation of this program, the United States Department of State demonstrated a substantial reduction in vulnerabilities in its first year alone. Given their overwhelming success, other organizations have begun to adopt this approach and have achieved similar results. Small businesses do not have to be excluded from this program. They too can use practical and often no cost ways to leverage existing security and administration tools to bolster their information security capabilities. Each control is paired with pragmatic ways for small business to rapidly deploy a continuous monitoring program at little to no cost. By leveraging and leaning into existing tools, the small business can develop a robust continuous monitoring program that is positioned to better recognize and respond to threats.
