An Organic Approach to Implementing the Critical Security Controls
This paper describes a method (almost a philosophy) for using the Critical Security Controls (CSCs) to drive long term improvement by carefully choosing specific metrics linked with operational processes. In contrast to formal process models, this method begins with identifying existing areas where...