Twenty critical controls for effective cyber defence

The UK Centre for the Protection of National Infrastructure has released a new guidance document which details the ‘Top Twenty Critical Security Controls’. These provide a baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defence.

The Centre for the Protection of National Infrastructure is participating in an international government-industry effort to promote the top twenty critical controls for computer and network security. The development of these controls is being coordinated by the SANS Institute.

The controls are:

Control 1 - inventory of authorised and unauthorised devices
Control 2 - inventory of authorised and unauthorised software
Control 3 - secure configurations for hardware and software on laptops, workstations, and servers
Control 4 - continuous vulnerability assessment and remediation
Control 5 - malware defences
Control 6 - application software security
Control 7 - wireless device control
Control 8 - data recovery capability
Control 9 - security skills assessment and appropriate training to fill gaps
Control 10 - secure configurations for network devices such as firewalls, routers, and switches
Control 11 - limitation and control of network ports, protocols, and services
Control 12 - controlled use of administrative privileges
Control 13 - boundary defence
Control 14 - maintenance, monitoring, and analysis of security audit logs
Control 15 - controlled access based on the need to know
Control 16 - account monitoring and control
Control 17 - data loss prevention
Control 18 - incident response capability
Control 19 - secure network engineering
Control 20 - penetration tests and red team exercises.

Read the document.

• Date: 13th January 2012 • UK • Type: Article • Topic: ISM

   
