The SysAdmin, Audit, Network and Security (SANS) Institute is a private, for-profit organization that offers information security and cybersecurity training and certification in 90 cities around the world (TechTarget, 2016). The Institute was founded in 1989 as a cooperative dedicated to IT security research and education (TechTarget, 2016). SANS CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks.
A principal benefit of the Controls is that they prioritize and focus a smaller number of actions with high pay-off results. The Controls are effective because they are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a very broad community of government and industry practitioners. They were created by the people who know how attacks work – NSA Red and Blue teams, the US Department of Energy nuclear energy labs, law enforcement organizations and some of the nation’s top forensics and incident response organizations – to answer the question, “what do we need to do to stop known attacks.” That group of experts reached consensus and today we have the most current Controls. The key to the continued value is that the Controls are updated based on new attacks that are identified and analyzed by groups from Verizon to Symantec so the Controls can stop or mitigate those attacks (SANS Institute, 2019).
The Controls take the best-in-class threat data and transform it into actionable guidance to improve individual and collective security in cyberspace. Too often in cybersecurity, it seems the “bad guys” are better organized and collaborate more closely than the “good guys.” The Controls provide a means to turn that around (SANS Institute, 2019).
SANS Institute. (2019). CIS Critical Security Controls. Retrieved from https://www.sans.org/critical-security-controls
TechTarget. (2016, May). What is SANS Institute? – Definition from WhatIs.com. Retrieved from https://whatis.techtarget.com/definition/SANS-Institute