Rapid7 SANS Top 20 Critical Security Controls Compliance Guide

Need for a Risk-Based Approach

A common factor across many recent security breaches is that the targeted enterprise was compliant, meaning it had passed its Payment Card Industry (PCI) audit, yet customer data was still compromised. Simply being compliant is not enough to mitigate probable attacks and protect critical information. In today’s constantly evolving threat landscape, organizations need to focus on securing the business first and documenting the process to show compliance second, not the other way around. While there is no silver bullet, organizations can reduce their chances of compromise by moving from a compliance-driven approach to a risk management approach to security.

What are the SANS Top 20 Critical Security Controls? 

In 2008, the SANS Institute, a research and education organization for security professionals, developed the Top 20 Critical Security Controls (CSCs) to address the need for a risk-based approach to security. Prior to this, security standards and requirements frameworks were predominantly compliance-based, with little relevance to the real-world threats they were intended to address. The Top 20 Controls are prioritized to help organizations focus their security efforts where they will have the greatest impact on improving their risk posture. According to the US State Department, organizations can achieve more than 94% risk reduction through rigorous automation and measurement of the Top 20 Controls.
