Meet John Gilligan. John Gilligan, the President of Gilligan Group, is a proven IT innovator with a strong blend of leadership and operational experience.


The 20 Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance

PUBLISHED: February 23, 2009


NOTE: An updated version of this topic was published on November 13, 2009. For the latest information, please visit the updated page.

NOTICE to Readers of this Draft Document: Criticisms and suggestions are strongly encouraged.

If you are actively engaged in cyber forensics, red teams, blue teams, technical incident response, vulnerability research, or cyber attack research or operations, please help make sure this document is as good as it can be.

We also request support in identifying users who have implemented scalable methods for measuring compliance with these controls and producing sharable benchmarks and other types of baseline guidance that can be used to drive tool-based assessment of as many of these controls as possible.

Send criticism/comments/suggestions to John Gilligan as well as to cag@sans.org by March 25, 2009.


If you prefer traditional PDF format, you can download the 20 Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance report or open it in your browser using a PDF reader plug-in. Either way, a PDF reader is required for viewing.
