Compass IT Compliance Blog

The SANS Top 20, A Vulnerability Assessment, and Penetration Testing

The SANS Top 20 Critical Security Controls outline the 20 most critical controls that an organization should implement to reduce its overall risk of suffering a data breach. These controls were originally developed in 2008 by the NSA at the request of the Office of the Secretary of Defense. Since that time, the controls have undergone several revisions with input from leaders in the US Government, international governments, and private organizations from around the world. These controls are widely considered essential, and some estimates have shown that by implementing them, organizations are able to mitigate their risk by 94%. While all the controls are important, there are two specific CSCs that are often confused, misused, and not implemented correctly. These CSCs would be: 

IT Risk Assessment and the SANS Top 20 - Part I

Last week we discussed the SANS Top 20 Critical Security Controls (CSC), what they are, and where they came from. This week we are going to start to dig into a handful of the Critical Security Controls to discuss what they are and why these controls are so important. In fact, industry experts suggest that if an organization can implement and measure itself against all 20 of the CSCs, it can reduce its risk by up to 94%. This illustrates the importance of the SANS Top 20 and why we are seeing such an increase in organizations using these Critical Security Controls as the measuring stick for their IT Security program. 

IT Risk Assessments and the SANS Top 20

The Best Cyber Monday Gift: A Security Risk Assessment

Cyber Monday is in the books for 2015, and it is expected to be another record year for online spending. Analysts expect that individuals spent around $2.4 billion online this past Cyber Monday, an 18%-20% increase over last year. While there were some deals to be found online, there is certainly a level of risk that comes with online shopping. When you combine this inherent risk with the fact that 95% of individuals planned to do some online shopping from work, your company might be opening itself up to a cyber-attack without even knowing it.

US-CERT recently issued an alert stating that holiday phishing scams and malware attacks are on the rise this year, and we are just entering the busiest part of the holiday shopping season. Some of these attacks might look like the following: