Top Twenty Critical Controls

The Top 20 Controls achieve a 94% reduction in “measured” security risk.

The Top 20 Critical Security Controls for cyber defense consist of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defense. The development of these controls is being coordinated by the SANS Institute.

The 20 controls (and their sub-controls) focus on specific technical measures and activities, with the primary goal of helping organisations large and small organise their efforts to defend against the most common and damaging computer and network attacks seen today. The 20 controls are revised as technology and methods of attack change.

The Top 20 Controls were initiated by John Gilligan (previously CIO of the US Department of Energy and the US Air Force) under the direction of the Center for Strategic and International Studies. Contributors include the NSA, US-CERT, DoD JTF-GNO, the Department of Energy nuclear laboratories, the Department of State and the DoD Cyber Crime Center, plus leading commercial forensics experts and penetration testers who serve the banking and critical infrastructure communities.

Automating the Top 20 Controls radically lowers the cost of security while improving its effectiveness. The US State Department, under CISO John Streufert, has already demonstrated a reduction of more than 94% in “measured” security risk through rigorous automation and measurement of the Top 20 Controls.

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Top 20 Critical Security Controls – Version 4.0