The Critical Security Controls: From Adoption to Implementation - A SANS Survey
- Tuesday, September 9th, 2014 at 1:00 PM EDT (17:00:00 UTC)
- James Tarala, Tony Sager (moderator), Brian Mehlman, Barbara Kay, Wolfgang Kandek and Katherine Brocklehurst
Awareness of the Critical Security Controls (CSCs) is high across many vertical industries, according to the first SANS Critical Security Controls Survey, which was published in June 2013. In it, 73% of 699 respondents from government (20%), financial (17%), health care, high tech and education (5% each) verticals said they are familiar with and/or adopting the Critical Security Controls. They also had problems with prioritization, integration, and achieving the full visibility that they need to protect and defend their networks.
Now, SANS is conducting its second survey on the CSCs, which focuses on learning about the advances CSC adopters have made and the difficulties they have encountered in adopting the controls. In this webcast, we will identify what verticals are adopting the controls and help the community learn how to prioritize and adopt these controls.
Join this webcast, featuring SANS CSC course author and instructor James Tarala and Tony Sager, SANS Director and Director of the Consortium for Cybersecurity Action, to learn full results of the survey and the current state of CSC adoption. We will celebrate the wins and explore the barriers to adoption, including:
- How participants have implemented the CSCs
- Who in their organizations champions adoption
- How they demonstrate progress in implementation
- What improvements in security posture they have documented as a result of implementing the CSCs
- What participants have put on their wish lists for improving their experiences in adopting CSCs
Barbara G. Kay
Barbara G. Kay, CISSP, is senior director of strategic marketing for McAfee, part of Intel Security. She leads strategy and content development for the Security Connected platform, McAfee’s optimized and open security architecture. Her writing includes mobile threat research reports, technical white papers, and many components of the Security Connected Reference Architecture. In addition to her tenure as director of security and privacy marketing at Sun Microsystems, Barbara has extensive security industry experience enabling leaders such as Cisco, Websense, Good Technologies and Netgear.
Brian Mehlman has over 20 years' experience working in senior technical, product marketing and management positions with innovative and industry leading software companies. Prior to EiQ Networks, Brian helped deliver solutions in the areas of Network, Systems, Storage and Security management for Q1 Labs, Network Appliance, 3COM Corporation, Fidelity Investments and Hewlett Packard. Brian played an integral role in two successful acquisitions: Metrix Network Systems by Hewlett Packard and Webmanage Technologies by Network Appliance.
James Tarala is a principal consultant with Enclave Hosting, LLC and is based out of Venice, FL. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many of their auditing and security courses. As a consultant he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based, directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues and oftentimes performs independent security audits and assists internal audit groups to develop their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University, his graduate work at the University of Maryland, and holds numerous professional certifications.
Tony Sager (moderator)
Tony Sager is the Chief Technologist and a founding member of the Council on CyberSecurity - an independent, international, non-profit organization whose mission is to identify, validate and sustain best practices in cybersecurity by people, in the application of technology, and in the use of policy. He leads the development of the Top 20 Critical Security Controls, a world-wide volunteer consensus activity to find and support technical practices that stop the vast majority of attacks seen today. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute. Tony retired from the National Security Agency in June 2012 after 34 years as an Information Assurance professional. His last job was Chief Operating Officer of the Information Assurance Directorate. Before that he created and led the Vulnerability Analysis and Operations Group (VAO), which was responsible for some of NSA's most important advancements in cyber
Wolfgang Kandek, CTO of Qualys, is responsible for product direction and all operational aspects of the Qualys Cloud Platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Before joining Qualys, Wolfgang was director of network operations at the online music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany. Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog.
Katherine Brocklehurst has been involved in product management and product marketing in network security for over 15 years. Working with network security technologies ranging from protocols to core encryption to intrusion detection/prevention to XML firewalls for web apps, she's touched every layer in the ISO model. Katherine is now focusing on security metrics, analytics and connecting IT security to business initiatives. It is now a fundamental job requirement that CISOs and their teams be able to better manage and communicate their efforts in support of business initiatives, and Katherine works on this every day as senior product marketing manager at Tripwire.