Nov 30 2009   8:17PM GMT

Consensus Audit Controls Released – That are Actually Useful!

Arian Eigen Heald

If you’re like me, if you see or hear about one more “set of controls,” “baselines,” “standards” or “frameworks,” you’ll tear your hair out. And scream.

For my money, the PCI data security standards have the most realistic set of sensible requirements around; requirements that actually speak to most business IT environments.

Standards and frameworks do not give concrete requirements and actual actions worth taking. Even “Best Practices” gives out only a limited amount of respect. After all, who is the “Best,” and how do we know the practices are really any good?

So I take a lot of announcements along these lines with a grain of salt and/or a delete button. But SANS has released “Twenty Critical Security Controls” that have been vetted by both the audit and the IT Security sides of the house – thus something useful for everyone. A lot of real practitioners have worked on this one, and it shows.

Check it out!
