Extremely well done. These are published by the UK Centre for the Protection of National Infrastructure (CPNI).
Overview: http://www.cpni.gov.uk/advice/cyber/Critical-controls
Direct: http://www.cpni.gov.uk/documents/publications/2014/2014-04-11-critical-security-controls.pdf
Article Summary
The Critical Security Controls for cyber defence are a baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence. CPNI is participating in an international government-industry effort to promote the Critical Security Controls for computer and network security. The development of these controls is being coordinated by the Council on CyberSecurity website.
Critical Security Controls guidance
CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Malware Defenses
CSC 6: Application Software Security
CSC 7: Wireless Access Control
CSC 8: Data Recovery Capability
CSC 9: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
CSC 11: Limitation and Control of Network Ports, Protocols, and Services
CSC 12: Controlled Use of Administrative Privileges
CSC 13: Boundary Defense
CSC 14: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 15: Controlled Access Based on the Need to Know
CSC 16: Account Monitoring and Control
CSC 17: Data Protection
CSC 18: Incident Response and Management
CSC 19: Secure Network Engineering
CSC 20: Penetration Tests and Red Team Exercises
Unrelated......
Also found this while researching new information for a class. Session title is When Controls Fail.
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Overview: http://www.cpni.gov.uk/advice/cyber/Critical-controls
Direct: http://www.cpni.gov.uk/documents/publications/2014/2014-04-11-critical-security-controls.pdf
Article Summary
The Critical Security Controls for cyber defence are a baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence. CPNI is participating in an international government-industry effort to promote the Critical Security Controls for computer and network security. The development of these controls is being coordinated by the Council on CyberSecurity website.
Critical Security Controls guidance
CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Malware Defenses
CSC 6: Application Software Security
CSC 7: Wireless Access Control
CSC 8: Data Recovery Capability
CSC 9: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
CSC 11: Limitation and Control of Network Ports, Protocols, and Services
CSC 12: Controlled Use of Administrative Privileges
CSC 13: Boundary Defense
CSC 14: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 15: Controlled Access Based on the Need to Know
CSC 16: Account Monitoring and Control
CSC 17: Data Protection
CSC 18: Incident Response and Management
CSC 19: Secure Network Engineering
CSC 20: Penetration Tests and Red Team Exercises
Unrelated......
Also found this while researching new information for a class. Session title is When Controls Fail.
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/