SANS 20 Critical Security Controls

What are they?

These Top 20 Controls were agreed upon by a powerful consortium brought together by John Gilligan (previously CIO of the US Department of Energy and the US Air Force) under the auspices of the Center for Strategic and International Studies. Members of the Consortium include NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and pen testers that serve the banking and critical infrastructure communities.

Infogressive’s Position

Our customers often ask us where they should focus their resources in order to reduce risk most effectively. Over time, based on our experience and training we’ve developed the ability to answer that question pretty quickly for clients. The SANS 20 Critical Security Controls are a set of guidelines that we particularly believe in and focus on when we assess our client’s security posture. It is our belief that these 20 controls help organizations focus on what matters and reduce risk dramatically.

Want to know how you’re doing? OR How Infogressive Can Help

The 20 controls mirror many of Infogressive’s core security values. As a result, many of our solutions and services directly address one or more of the controls. We can perform a risk assessment to measure how your organization is currently applying the 20 controls. We have also integrated the SANS 20 Critical Controls into our Rapid Risk Assessment framework. Maybe you’re already aware of the controls, but don’t have the time to implement the necessary changes? We can bring in our experts to assist you in implementing one or all of the controls.