Pulse

By GCN Staff

Blog archive

Government expands adoption of critical security controls

A majority of government organizations taking a recent survey by security education provider SANS Institute said they have adopted the Critical Security Controls (CSCs), a roadmap of 20 best practices for computer security developed by a public private consortium.

The CSC project was initiated in 2008 as a response to extreme data losses experienced by U.S. defense firms.

This year’s survey found 90 percent of organizations used the roadmap, with government and financial-sector-based industries leading the pack. The results run well ahead of a similar 2013 SANS survey, which showed a 73 percent adoption rate, according to SANS.

"Organizations across a broad range of industries are making steady progress toward adopting, integrating and automating the CSCs," said SANS analyst James Tarala, author of the survey results paper.

Even so, there are problems limiting adoption of all of the controls, he said.  Staffing issues, lack of budget and silos that limit communication between IT security and operations remain barriers that adopters encounter, according to Tarala.

These are key problems identified in last year's survey that haven't gone away, according to the Institute.

Not all organizations have adopted all controls, nor are they following the order of the controls currently listed as 1-20. But of those who are able to measure improvement, 16 percent noted the controls improved risk posture and 11 percent improved their ability to detect advanced attacks.

Tony Sager, director of the SANS Innovation Center and chief technologist for the Council on CyberSecurity, said the organization was working on guidelines and case studies, a resource requested by two-thirds of the survey respondents. 

"The Controls are not about having the best list of things to do – they are about members of a community helping each other improve their security, according to Sager. Full results of the survey will be shared during a Sept. 9, 2014, webcast at 1 p.m., EDT.

 

Posted by GCN Staff on Sep 08, 2014 at 9:41 AM


inside gcn

  • artificial intelligence (ktsdesign/Shutterstock.com)

    Machine learning with limited data

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

resources

HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities

More from 1105 Public Sector Media Group