The law of unintended consequences strikes again. In an effort to address security risks in enterprise IT systems and the critical data in them, numerous security standards and requirement frameworks have emerged over the years. But most of these efforts have had the opposite effect — diverting organizations’ limited resources away from actual cyber defense toward reports and compliance.
Recognizing this serious problem, the U.S. National Security Agency (NSA) in 2008 launched Critical Security Controls (CSCs), a prioritized list of controls likely to have the greatest impact in protecting organizations from evolving real-world threats.
This SANS Institute survey of nearly 700 IT professionals across a range of industries examines how well the CSCs are known in government and industry and how they are being used.
Major findings include:
Download your copy of the SANS 2013 Report on Critical Security Controls Survey: Moving from Awareness to Action to learn about how the CSCs are already driving changes in cyber security.
Download the Report