Thursday, February 26, 2009

Control Based Security

SANS released a draft paper on the 20 most important controls for effective cyber defence. The list is very well defined and makes a lot of sense:
  1. Inventory of Authorized and Unauthorized Hardware
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
  4. Secure Configurations of Network Devices Such as Firewalls and Routers
  5. Boundary Defense
  6. Maintenance and Analysis of Complete Security Audit Logs
  7. Application Software Security
  8. Controlled Use of Administrative Privileges
  9. Controlled Access Based On Need to Know
  10. Continuous Vulnerability Testing and Remediation
  11. Dormant Account Monitoring and Control
  12. Anti-Malware Defenses
  13. Limitation and Control of Ports, Protocols and Services
  14. Wireless Device Control
  15. Data Leakage Protection
  16. Secure Network Engineering
  17. Red Team Exercises
  18. Incident Response Capability
  19. Data Recovery Capability
  20. Security Skills Assessment and Training to Fill Gaps
