Budgeting for the Critical Security Controls
In 2008, the National Security Agency (NSA) initiated an effort to prioritize the controls within the multiple frameworks to identify a manageable set of controls that are effective in implementing a Cybersecurity program with an “offense must inform defense” approach designed to directly address how attacks happen.
Cyber security fills the headlines with reports of data breaches and cyber attacks from all corners of the globe. Board rooms and executive management are more aware of the need for effective Cybersecurity today then they every have been. This awareness is driving action as many organizations look to frameworks for guidance on building effective security programs. The Critical Security Controls provides a Cybersecurity controls-based framework designed to directly address the actions attackers are taking. Creating a plan and gaining support for implementing a security program based on a control framework can be a daunting task. This paper will discuss a method for using the Critical Security Controls framework in conjunction with the NIST Cybersecurity framework to plan, budget and communicate the implementation project to senior executives.
To continue to read this white paper please click the link below: