
Leading Effective Cybersecurity with the Critical Security Controls

Over the past several years, news coverage worldwide has been filled with headlines about private and public institutions falling victim to significant data breaches. These breaches are happening despite heavy investment in cybersecurity resources (people, processes, technology, etc.) over the same period. Significant breaches that continue while large investments are made to mitigate them paint a picture of an ineffective response to the problem. Two critical questions therefore require further investigation. First, what is preventing leadership from creating an effective response to the global cybersecurity problem? Second, how can leadership use the Critical Security Controls (CSCs) to overcome these challenges and improve effectiveness within their organization?

36797 (PDF, 3.20MB)

8 Mar 2016
By Wes Whitteker
All papers are copyrighted

No re-posting of papers is permitted
