
SANS Security Trend Line

Sleepless CISO's Plan on Implementing the Critical Security Controls

I'm always on the lookout for good graphics to use in presentations about security. I recently came across EIQ Network's recent small survey on "What Keeps IT Pros Up at Night?" that reported roughly equal fears of experiencing a breach and failing a security audit - realistic, but still kinda depressing to me.

Failing a security audit doesn't damage a single customer and causes minimal business damage. Experiencing an actual breach can damage millions of customers and cause enormous, career-altering damage to the business.

In a larger SANS survey looking at the adoption of the Critical Security Controls, SANS found that the largest motivation to focus on the Critical Security Controls was to reduce risk (80%) while nearly 40% of adopters were doing so to simplify the effort required to satisfy multiple compliance regimes - a much better balance between "Protect the Business" and "Satisfy the Auditors."

The EIQ survey did show that 20% of their survey respondents are moving to implement the Critical Security Controls, and included that in the graphic below.
