
The 20 Critical Controls: A Security Strategy

  • Tuesday, January 13th, 2015 at 3:00 PM EST (20:00:00 UTC)
  • Randy Marchany
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.


The Controls are specific guidelines that CISOs, CIOs, IGs, systems administrators, and information security personnel can use to manage and measure the effectiveness of their defenses. The 20 Critical Controls define 20 actionable items that form the basis of a workable IT security strategy. These items provide you with a security architecture that maps to compliance requirements such as NIST 800-53, ISO 27002, PCI-DSS and elements of Continuous Monitoring and Detection which address 70-80% of known attack vectors. Implementing the 20 Critical Controls in your organization is a long-term project. An important component of this implementation strategy is the ability to collect metrics to effectively measure progress. This presentation discusses the 20 Critical Controls, shows examples, and provides you with some suggestions on where in your organization to get the information needed to implement the controls.

For more detailed information on the 20 Critical Controls, sign up for the SEC 566 "Implementing and Auditing the Critical Security Controls - In Depth" class taught by Randy Marchany in Scottsdale, AZ on 2/16-20/2015. Details are at http://www.sans.org/event/scottsdale-2015/course/implementing-auditing-critical-security-controls.

Speaker Bio

Randy Marchany

Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a member of the Center for Internet Security development team that produced and tested the CIS Solaris, HP-UX, AIX, Linux and Windows 2000/XP security benchmarks and scoring tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the DDoS attacks of 2000.
