In some of our training we’ve mentioned to people that we’ve published a number a whitepapers on the Critical Security Controls in conjunction with the SANS Institute and various other vendors. Unfortunately we’ve also discovered that many of these whitepapers can be difficult to locate on the SANS Institute’s website. So we wanted to compile a list of some of the more relevant whitepapers that we think might help people in their efforts implementing the Critical Security Controls.
Here’s a list of some of those whitepapers with their links:
A Real-Time Approach to Continuous Monitoring (http://www.sans.org/reading-room/analysts-program/netwitness-splunk-monitoring)
Network Security: Theory Versus Practice (https://www.sans.org/reading-room/analysts-program/breaking-point-network-security)
Implementing the 20 Critical Controls with Security Information and Event Management (SIEM) Systems (http://www.sans.org/reading-room/analysts-program/siem-systems-arcsight)
Reducing Federal Systems Risk with the SANS 20 Critical Controls (https://www.sans.org/reading-room/analysts-program/20CriticalControls)
Streamline Risk Management by Automating the SANS 20 Critical Security Controls (http://www.sans.org/reading-room/analysts-program/streamline-risk)
Reducing Risk Through Prevention: Implementing Critical Security Controls 1-4 (http://www.sans.org/reading-room/analysts-program/tripwire-reducing-risk)
We hope you find these helpful as you consider utilizing the Critical Security Controls as a part of your information security architectures. If you ever have any questions on the subject, please don’t hesitate to reach out to us at firstname.lastname@example.org.