How the 20 Critical Controls Address Real Threats

1,393 views

Published on

In this exclusive webinar, Tony Sager – Chief Technologist of the Council on CyberSecurity – discussed how organizations can implement a third-party-validated, authoritative framework called the 20 Critical Security Controls to prioritize their efforts and make security practical, effective and aligned to the business.

Dwayne Melançon, Tripwire’s CTO, joined Sager as the webinar moderator.

In this webcast, we:

- Discussed how to translate security information into specific and scalable action

- Described the remediation plan for the controls, starting with the Top 5

- Discussed how the Council on CyberSecurity uses a community approach to this translation problem to create and sustain the Critical Security Controls.

- Discussed how the community will help advise and support your risk management efforts with a formalized framework

The full recording of the webcast that accompanies this slide deck is available here: http://www.tripwire.com/register/how-the-20-controls-address-real-threats/

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,393
On SlideShare
0
From Embeds
0
Number of Embeds
30
Actions
Shares
0
Downloads
100
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Many times you have heard the phrase in security, “it’s not a matter of if you have been breached, but when”. I would like to add to that, it is also important to identify how long you have been exposed, or simply being able to detect if you have been breached in the first place.

    The enterprise threat gap is a model that helps us illustrate the amount of time that passes through three critical phases.

    The detection gap indicates the amount of time it takes to discover an actual compromise and identify it’s scope.

    The remediation gap indicates the time between that detection and the amount of time it takes to limit the damage.

    Then we have the preventive gap which is the measure of time it takes to avoid repeated or similar attacks.

    This process allows you to answer three key questions to the business:
    Have we been breached?
    How bad is it?
    Can we avoid this happening again?
  • Insert Slide
    -Their mission statement and a picture of Jane and Tony
    -Policy, manpower and Technology
    JBJ to talk about meetings and success of those meeting
    Merchantile Win—from tony

    Technology slide with controls—we are the technology
    You have to do the first 4 controls—again again and again



    Industry is coming around this—industry says this is what you should do
    Controls are less important
    Council for Cyber security
    Focus on 20 SCS council for Cyber Security…
  • Insert Slide
    -Their mission statement and a picture of Jane and Tony
    -Policy, manpower and Technology
    JBJ to talk about meetings and success of those meeting
    Merchantile Win—from tony

    Technology slide with controls—we are the technology
    You have to do the first 4 controls—again again and again



    Industry is coming around this—industry says this is what you should do
    Controls are less important
    Council for Cyber security
    Focus on 20 SCS council for Cyber Security…
  • Tripwire core competency is collecting data—challlenge is that humans cannot deal with it

    Driving Effective Security and Compliance—done on top of a bed of real system state intelligence
    Driven by
    VM –big change—vm assessment instantly
  • Tripwire core competency is collecting data—challlenge is that humans cannot deal with it

    Driving Effective Security and Compliance—done on top of a bed of real system state intelligence
    Driven by
    VM –big change—vm assessment instantly
  • Tripwire core competency is collecting data—challlenge is that humans cannot deal with it

    Driving Effective Security and Compliance—done on top of a bed of real system state intelligence
    Driven by
    VM –big change—vm assessment instantly
  • 85% of attacks result from known vulnerabilities
  • ×