Since the SANS Institute hosted the first version of the Critical Security Controls (CSC) in 2008, the controls have been upgraded four times to meet demands of an evolving threat and vulnerability landscape. During that time, the Department of Homeland Security essentially made the CSCs a de facto standard to be followed by its branches. Canadian and other international authorities are also using these controls as guidelines to support their own cybersecurity policies, and so, too, are private-sector organizations with the most to lose, such as those in the infrastructure and financial fields.
Sponsored by Tripwire