Update on Implementing the 20 Critical Controls

Wednesday, May 03 | 8:00AM–9:00AM | Denver Ballroom 1-3, Lower Level 2
Session Type: Breakout Session
Delivery Format: Concurrent Session
VA Tech's IT security strategy is based on the ISO 27002 standard. The Center for Internet Security 20 Critical Controls provide an operational bridge between the standard and actual implementation of a security strategy. The 20 controls provide an effective defense against 75% of known attacks. VA Tech is implementing the 20 Critical Controls as its operational security strategy. This talk presents an update to this multiyear project. Sample gap analysis questionnaires, spreadsheets, and guidance documents developed during this process will be shown and made available to attendees. This is a topic specific/intermediate level session.

Outcomes: Learn what the controls are and how they are effective defensive steps * Get access to existing tools to get the process started ASAP * Learn how current techniques map to the 20 Critical Controls


  • Randy Marchany

    University IT Security Officer, Virginia Tech

Resources & Downloads

  • Update on Implementing 20 Critical Controls_slides

    368 KB, pdf - Updated on 1/22/2024