VA Tech's IT security strategy is based on the ISO 27002 standard. The Center for Internet Security 20 Critical Controls provide an operational bridge between the standard and actual implementation of a security strategy. The 20 controls provide an effective defense against 75% of known attacks. VA Tech is implementing the 20 Critical Controls as its operational security strategy. This talk presents an update to this multiyear project. Sample gap analysis questionnaires, spreadsheets, and guidance documents developed during this process will be shown and made available to attendees. This is a topic specific/intermediate level session.
Outcomes: Learn what the controls are and how they are effective defensive steps * Get access to existing tools to get the process started ASAP * Learn how current techniques map to the 20 Critical Controls
University IT Security Officer, Virginia Tech
Resources & Downloads
Update on Implementing 20 Critical Controls_slides