Top 20 Security Controls - Protecting Information Assets

Monday, November 30, 2009 by Pam Casale
On November 13, SANS, the well-known training and certification organization for security professionals, along with CSI, published version 2.3 of the Top 20 Security Controls. This new version adds NIST SP 800-53 revision 3 mappings to the controls. It also adds an updated appendix that includes, for each area, a direct mapping between the 20 critical controls and the 800-53 Rev 3 Priority 1 controls. There's also a new appendix summarizing the attack types that motivated the development of each control.

This is a terrific resource. SANS asked Intellitactics to provide a definition of how a SIEM solution is used to automate monitoring and reporting of these controls. We were also asked to provide customer references who could verify that the Intellitactics SIEM solutions did in fact monitor and report on the controls. Intellitactics has initially provided extensive documentation on two of the controls and will submit context on other controls later in the month.

The US Comprehensive National Cybersecurity Initiative (CNCI) insists, as a central tenet, that knowledge of actual attacks that have compromised systems provides the essential foundation on which to construct effective defenses. The Federal Information Security Management Act, in the draft US ICE Act of 2009 (often referred to as the new FISMA), includes the same mandate.

Government security executives agree that what is required is a jointly established priority baseline of information security measures and controls, and they also agree that these controls should be continuously monitored through automated mechanisms.

This is exactly what Intellitactics has been advising customers who use our SIEM software and appliances, ISM and SAFE. As part of these SIEM solutions we offer a mapping of a superset of controls from ISO and NIST to regulatory standards like PCI, SOX, HIPAA and NERC. After all, everyone has limits on how much they can spend, and using a baseline of controls like those offered in this important research can save a lot of time and money.

This week we'll take a closer look at two of the controls and explain how our SIEM solutions are used to monitor and report on the effectiveness of these controls. Check back to read more; in the meantime, read about control monitoring using Intellitactics.
