Train From Home on Your Schedule with OnDemand - Special Offers Available Now


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Take the SANS Survey on the Critical Security Controls and Enter to Win an iPad!

Survey Explores What Types of Organizations are Adopting the Controls, What Controls They're Adopting, and Why

  • Bethesda, MD
  • March 21, 2013

The Critical Security Controls (CSC's) are being adopted by federal and state agencies in the U.S., Canada and elsewhere, to increase visibility into advanced threats, to shore up defenses, and ultimately for benchmarking and to improve risk posture.

To increase the limited information currently available about implementing the controls, the SANS Institute is conducting a 20-question survey for IT professionals, business unit managers and security/compliance experts. The survey was developed to find out what controls they're adopting, why, and how. The survey also explores how integrated the CSC's are in organizations that have adopted the controls, and whether any adopters have reached the stage where they can use the controls for benchmarking and to improve their risk postures.

"The Critical Security Controls are successful because of their open community approach - people and organizations voluntarily banding together to share information about threats and countermeasures, and then learning from each other how to break down the barriers to more effective defenses," says SANS Director, Tony Sager. "This survey is an opportunity to contribute to that important work."

The data from the survey will be released during a June 25, 2013, webcast, which will be followed by a published white paper with additional in-depth analysis. This data will enable organizations attempting to integrate the controls into their policies and processes to learn from their peers -- including their pain points, their successes and the resulting improvements.

"The Critical Security Controls have become widely known," explains John Pescatore, SANS Director of Emerging Security Trends who will author the report. "With this survey, webcast and white paper, we are increasing our efforts to identify both barriers to adoption and find 'what works' solutions from enterprises that have already successfully implemented some or all of the controls."

By taking the survey, sponsored by Symantec, FireEye and Tenable, respondents can help shape the future of the controls and their impact on IT operations, and can also opt-in to be entered in a drawing for an iPad. To take the survey, please visit:

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (