Prioritizing the SANS 20 Critical Security Controls to Solve Endpoint Security Risks

Webinar Registration

In concert with a global consortium of agencies and experts from private industry, The SANS Institute created a list of 20 actionable controls with high payoff. I like this framework a lot because it is practical and straightforward.

Other frameworks like ISO 27000-series and COBIT certainly have their place. But those 100+ page documents are just too big and too theoretical to be of practical value for most of us and many of our organizations. On the other hand the SANS 20 list is something you can start using today but it has sufficient depth and the ongoing commitment of a dynamic organization like SANS to make it something you keep coming back to. The framework actually provides specific recommendations on how to implement the control at a technical level. The only other framework, well more of a regulatory requirement, that comes close to this list in terms of pithy practical guidance is PCI believe it or not.

Here's a quick rundown of the SANS 20

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  4. Continuous Vulnerability Assessment and Remediation
  5. Malware Defenses
  6. Application Software Security
  7. Wireless Access Control
  8. Data Recovery Capability
  9. Security Skills Assessment and Appropriate Training to Fill Gaps
  10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  11. Limitation and Control of Network Ports, Protocols, and Services
  12. Controlled Use of Administrative Privileges
  13. Boundary Defense
  14. Maintenance, Monitoring, and Analysis of Audit Logs
  15. Controlled Access Based on the Need to Know
  16. Account Monitoring and Control
  17. Data Protection
  18. Incident Response and Management
  19. Secure Network Engineering
  20. Penetration Tests and Red Team Exercises

In this webinar I will briefly introduce you to the entire list but then I will focus in on those controls that relate to endpoint security which are 1-4, 6, 12 and 18.

If you follow my work you know that my biggest area of concern is the end point; that is where I see us losing the battle based upon my own security assessment practice and research, and that is only reinforced by available details of high profile data breaches.

So I think starting with the end point is probably the best place for most of us to start with the SANS 20 list. Therefore I asked the KACE team at Dell Software to sponsor this real training for free ™ event. Ken Chalberg from Dell will briefly show you how their easy to use appliance-based systems management solutions can help you implement and automate the endpoint and operational related security controls of the SANS 20.

Don't miss this real training for free ™ event. Please register now!

First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
Address:  
City:  
State:  
Zip/Postal Code:  
How many employees does your company have?:
Number of total computers managed?:
Were you referred to this webcast from a Dell partner?:
If so which partner referred you?:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Additional Resources