Free Downloads - Cyber Crisis Tabletop Exercise Checklist
The SANS 20 Critical Security Controls is a list designed to provide maximum benefits toward improving risk posture against real-world threats. The SANS Top 20 CSC are mapped to NIST controls as well as NSA priorities. The SANS 20 is a flexible starting point, applicable to nearly any organisation regardless of size, industry, geography or sector (government or commercial). Developed and maintained by an international group of organisations, government agencies and security experts, the controls are prioritised to protect the organisation’s infrastructure and data by strengthening the organisation’s defence system through continuous automated protection and monitoring (Critical Security Controls).
CSC 1: Inventory of Authorised and Unauthorised Devices
CSC 2: Inventory of Authorised and Unauthorised Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices, such as Firewalls, Routers and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises
"I would recommend Cyber Management Alliance’s tabletop workshops to anyone genuinely interested in being on top of their cyber incident response strategies. The format and style of conducting the entire workshop is what I found a lot of value in. Most importantly, the scenarios on which the workshop was based were relevant to the business, making the exercise a great investment of time and resources."
Chief Information Officer - Director - Investment Management, London
"The CCTE and corresponding audit conducted by Cyber Management Alliance Ltd was expertly delivered and has given us insights to reinforce our cyber strategy by continuing to help build the picture of where we were, where we are now and our next focussed steps. We will be engaging CM-Alliance on an annual basis."
Strategic Technology Leader
Aster Group UK
"Amar is a unique individual, able to look at the minute detail of a security issue whilst holding onto a commercially aware "bigger picture". His largest impact was the design, procurement and implementation of a new firewall solution for the Trust which was a remarkably smooth project."
Tony Ball
Royal Berkshire NHS Foundation Trust
"I worked with Amar on a complex requirement that he was trying to fulfil. He is a proficient communicator and was able to dissect the request down into smaller, measurable pieces of work."
Senior IT Security Consultant
"Amar brings a unique mix of business strategy, technical and managerial experience. He is a thought leader on a large number of cyber related topics including response planning in event of a major cyber incident, responding to cyber attacks, training for senior executives and setting the correct agenda at board level."
CITI BANK
"Amar is marvelous in his knowledge and experience on cyber security and data protection. He comes with a vast experience and knowledge bank. I have not seen many professionals like him in the industry, as he has a deep technical understanding and a very good commercial and business focused mindset."
Head-Business Operations @ Enterprise Security Risk Management
TATA CONSULTANCY SERVICES
"Amar is a knowledge leader in the domain of IT Security, Privacy, GRC and I have benefitted from his Cyber Business Executive Programme at Shrivenham, U.K. Now it is a life long connection and an opportunity to discuss Cyber with a reliable friend as and when I need."
TATA CONSULTANCY SERVICES
"I've enjoyed sharing information with Amar, meeting over coffees to discuss emerging trends in Cyber and learning about the challenges faced by a CISO within a large organisation. I continue to look forward to Amar's publications on Information Security and find him a very interesting person to work with."
News International
"Amar is unique; A great person with a very creative and fresh approach to information security & risk management. He is a very experienced professional, a very good influencer and always finds the right way to communicate."
Cyber Security Manager KPMG
"Amar was a keynote speaker as well as a panelist on the Hackers versus CISOs debate at the 2012 Global CISO Forum. He brought a lot of expertise and insight to the event and was a major contributor to the overall success. He was great to work with and extremely generous with his time and knowledge."
EC-Council
"Amar is unique; A thorough professional he is both technically sound and experienced in engaging and winning over executive leadership and has the acumen to drive the Information Security message throughout the organisation."
Manager, Solutions Architecture
"I like Amar's unique and fresh approach to information security & risk management. Very business-like with a constant focus on practical Information security I am greatly impressed with the way he deals with all levels of management including Senior C level executives to the super techies and of course us project managers. A true professional in every sense."
Senior Project Manager at National Grid
Atos International
© 2022 Cyber Management Alliance.