The 20 Critical Security Controls: From Framework to Operational to Implementation

Поделиться
HTML-код
  • Опубликовано: 6 июн 2024
  • The 20 CSC provide an excellent bridge between the high level security framework requirements and the operational commands needed to implement them. Implementation is a 3-7 year process depending on a wide variety of factors and constraints. This talk discusses our experiences in implementing the 20 CSC. For example, Control #1 has proved to be the most challenging one because it depends on how your IP addresses are generated by your networking group. We'll also discuss various tools and internal policies and standards that support a particular control's implementation. Finally, we'll show examples of how we measure progress.
    Speaker Bio
    Randy Marchany
    Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a member of the Center for Internet Security development team that produced and tested the CIS Solaris, HPUX, AIX, Linux and Windows2000/XP security benchmarks and scoring tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the DDOS attacks of 2000.
  • НаукаНаука

Комментарии • 12

  • @RoDrop
    @RoDrop 3 года назад +3

    Thanks for sharing! Go Hokies!

  • @KabirKazim
    @KabirKazim 3 года назад +2

    Excellent !!

  • @comunidaddojo
    @comunidaddojo 3 года назад +3

    Very informative presentation , thank for sharing

    • @andersjaiden1467
      @andersjaiden1467 2 года назад +1

      you probably dont give a damn but does anyone know a way to log back into an Instagram account?
      I somehow lost my login password. I would appreciate any help you can offer me.

    • @seangunner6524
      @seangunner6524 2 года назад

      @Anders Jaiden Instablaster :)

    • @andersjaiden1467
      @andersjaiden1467 2 года назад

      @Sean Gunner Thanks for your reply. I found the site on google and Im waiting for the hacking stuff atm.
      I see it takes quite some time so I will get back to you later when my account password hopefully is recovered.

    • @andersjaiden1467
      @andersjaiden1467 2 года назад

      @Sean Gunner It worked and I finally got access to my account again. Im so happy:D
      Thanks so much, you saved my account!

    • @seangunner6524
      @seangunner6524 2 года назад

      @Anders Jaiden no problem =)

  • @cjv6295
    @cjv6295 11 месяцев назад

    Do you have telco security controls?

  • @CC-yr3gs
    @CC-yr3gs 2 года назад

    it is just a training course sans sec 566

Следующие
Автовоспроизведение
Security Leadership: How to Increase the Success of Your Projects1:01:30Security Leadership: How to Increase the Success of Your Projects
Security Leadership: How to Increase the Success of Your ProjectsSANS Institute
Просмотров 940
FREE Cybersecurity Training Course - CIS Critical Security Controls Introduction1:55:33FREE Cybersecurity Training Course - CIS Critical Security Controls Introduction
FREE Cybersecurity Training Course - CIS Critical Security Controls IntroductionKen Underhill - Cybersecurity Training
Просмотров 2 тыс.
How to Present Cyber Security Risk to Senior Leadership | SANS Webcast59:58How to Present Cyber Security Risk to Senior Leadership | SANS Webcast
How to Present Cyber Security Risk to Senior Leadership | SANS WebcastSANS Institute
Просмотров 84 тыс.
So I've played 3 hours of Elden Ring's DLC...33:15So I've played 3 hours of Elden Ring's DLC...
So I've played 3 hours of Elden Ring's DLC...VaatiVidya
Просмотров 1,5 млн
Vanna's Farewell to Pat | S41 | Wheel of Fortune02:00Vanna's Farewell to Pat | S41 | Wheel of Fortune
Vanna's Farewell to Pat | S41 | Wheel of FortuneWheel Of Fortune
Просмотров 313 тыс.
AU$TRALIA: A Travel Game - Ep 347:24AU$TRALIA: A Travel Game - Ep 3
AU$TRALIA: A Travel Game - Ep 3Jet Lag: The Game
Просмотров 426 тыс.
Will Smith Can't See While Eating Spicy Wings | Hot Ones22:47Will Smith Can't See While Eating Spicy Wings | Hot Ones
Will Smith Can't See While Eating Spicy Wings | Hot OnesFirst We Feast
Просмотров 896 тыс.
9 Mental Models You Can Use to Think Like a Genius11:319 Mental Models You Can Use to Think Like a Genius
9 Mental Models You Can Use to Think Like a GeniusFarnam Street
Просмотров 257 тыс.
RMF Control Selection Process And How To Write Security Control Implementation Statements (Hands-On)43:27RMF Control Selection Process And How To Write Security Control Implementation Statements (Hands-On)
RMF Control Selection Process And How To Write Security Control Implementation Statements (Hands-On)KamilSec
Просмотров 37 тыс.
Introduction to Security Architecture58:33Introduction to Security Architecture
Introduction to Security ArchitectureSANS Institute
Просмотров 34 тыс.
Managing Information Security Risk with CIS Controls1:03:11Managing Information Security Risk with CIS Controls
Managing Information Security Risk with CIS ControlsSANS Institute
Просмотров 2,2 тыс.
NIST AI Risk Management Framework & Generative AI Profile | Lunchtime BABLing 3644:08NIST AI Risk Management Framework & Generative AI Profile | Lunchtime BABLing 36
NIST AI Risk Management Framework & Generative AI Profile | Lunchtime BABLing 36BABL AI Inc.
Просмотров 572
NIST CSF 2.0 : Real-World Implementation Strategies and Tips17:39NIST CSF 2.0 : Real-World Implementation Strategies and Tips
NIST CSF 2.0 : Real-World Implementation Strategies and TipsPrabh Nair
Просмотров 11 тыс.
Creating a Security Metrics Program: How to Measure Success - SANS ICS Security Summit 201936:24Creating a Security Metrics Program: How to Measure Success - SANS ICS Security Summit 2019
Creating a Security Metrics Program: How to Measure Success - SANS ICS Security Summit 2019SANS Institute
Просмотров 16 тыс.
Use the NIST Cybersecurity Framework for your Business!10:55Use the NIST Cybersecurity Framework for your Business!
Use the NIST Cybersecurity Framework for your Business!Jonathan Edwards
Просмотров 18 тыс.
ПРОБЛЕМА МЕХАНИЧЕСКИХ КЛАВИАТУР!🤬00:59ПРОБЛЕМА МЕХАНИЧЕСКИХ КЛАВИАТУР!🤬
ПРОБЛЕМА МЕХАНИЧЕСКИХ КЛАВИАТУР!🤬Корнеич
Просмотров 3,7 млн
Иллюзионисты из компьютерных сервисов. Ремонт ноутбука Asus TUF Gaming FA706IU, Магия вне Хогвартса34:25Иллюзионисты из компьютерных сервисов. Ремонт ноутбука Asus TUF Gaming FA706IU, Магия вне Хогвартса
Иллюзионисты из компьютерных сервисов. Ремонт ноутбука Asus TUF Gaming FA706IU, Магия вне ХогвартсаNotebook1 Ассоциация сервисных центров
Просмотров 60 тыс.
Очень странные дела PS 4 Pro01:00Очень странные дела PS 4 Pro
Очень странные дела PS 4 ProТЕХНОБЛОГ ГУБАРЕВ СЕРГЕЙ
Просмотров 416 тыс.
Почему в вашем адресе электронной почты есть символ «@» 🤔00:24Почему в вашем адресе электронной почты есть символ «@» 🤔
Почему в вашем адресе электронной почты есть символ «@» 🤔Mov1eHouse
Просмотров 15 тыс.
ГОРЬКАЯ СЛАДКАЯ ПРАВДА 🔥 ЛУЧШИЙ ФЛАГМАН СМАРТФОН VIVO X100 ULTRA ИЛИ КУПИТЬ APPLE IPHONE 15 PRO MAX47:54ГОРЬКАЯ СЛАДКАЯ ПРАВДА 🔥 ЛУЧШИЙ ФЛАГМАН СМАРТФОН VIVO X100 ULTRA ИЛИ КУПИТЬ APPLE IPHONE 15 PRO MAX
ГОРЬКАЯ СЛАДКАЯ ПРАВДА 🔥 ЛУЧШИЙ ФЛАГМАН СМАРТФОН VIVO X100 ULTRA ИЛИ КУПИТЬ APPLE IPHONE 15 PRO MAXПольза NET
Просмотров 21 тыс.
РЕМОНТ ПО ГАРАНТИИ СЕРВЕРНОЙ ПЛАТЫ ASUS P9X79 ЗА ЛАЙКИ! В ЧЕМ БЫЛА ПРОБЛЕМА? КЛИЕНТ РАЗГОНЯЛ ПЛАТУ!?24:22РЕМОНТ ПО ГАРАНТИИ СЕРВЕРНОЙ ПЛАТЫ ASUS P9X79 ЗА ЛАЙКИ! В ЧЕМ БЫЛА ПРОБЛЕМА? КЛИЕНТ РАЗГОНЯЛ ПЛАТУ!?
РЕМОНТ ПО ГАРАНТИИ СЕРВЕРНОЙ ПЛАТЫ ASUS P9X79 ЗА ЛАЙКИ! В ЧЕМ БЫЛА ПРОБЛЕМА? КЛИЕНТ РАЗГОНЯЛ ПЛАТУ!?notebook-31
Просмотров 149 тыс.
wireless switch without wires part 600:49wireless switch without wires part 6
wireless switch without wires part 6DailyTech
Просмотров 1,2 млн
Сделайте что-нибудь Samsung J6 201800:59Сделайте что-нибудь Samsung J6 2018
Сделайте что-нибудь Samsung J6 2018youngfix
Просмотров 265 тыс.