
SANS Institute Critical Controls


The SANS Institute has released their "Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines". Note that two-factor authentication is listed under boundary controls:

Vis/Attrib: Require all remote login access (including VPN, dial-up, and other forms of access that allow login to internal systems) to use two-factor authentication.

Here's the definition of 'Vis/Attrib', by the way:

Improved Visibility and Attribution: These subcontrols focus on improving the process, architecture, and technical capabilities of organizations so that organizations can monitor their networks and computer systems, gaining better visibility into the IT operations. Attribution is associated with determining which computer systems, and potentially which users, are generating specific events. Such improved visibility and attribution support organizations in detecting attack attempts, locating the points of entry for successful attacks, identifying already-compromised machines, interrupting infiltrated attackers' activities, and gaining information about the sources of an attack. In other words, these controls help to increase an organization's situational awareness of its environment. These items are labeled as "Vis/Attrib."

This compares to 'Quick Win':

Quick Wins: These fundamental aspects of information security can help an organization rapidly improve its security stance generally without major procedural, architectural, or technical changes to its environment. It should be noted, however, that a Quick Win does not necessarily mean that these subcontrols provide comprehensive protection against the most critical attacks. The intent of identifying Quick Win areas is to highlight where security can be improved rapidly. These items are identified in this document with the label of "QW."

I just want to point out that one of our goals at WiKID is to make two-factor authentication easier to use and less expensive: in the SANS nomenclature, to move it from a Vis/Attrib to a Quick Win. I would argue that the benefits of using two-factor authentication far outweigh the hassles already.
