(October, 2013) — With critical security controls to address the cyber security threat front and center, this paper sets out three principles for making smarter, more economical investments.
The paper, which makes an economic case for prioritizing critical security controls, was published by the AFCEA International Cyber Committee, where John M Gilligan is co-chair.
Critical Security Controls is Where You Start
- Implementation of a comprehensive baseline of security controls — the critical controls — that address threats that are of low to moderate sophistication is essential and is economically beneficial.
- Focus security investment beyond the baseline controls to counter more sophisticated attacks against the functions and data that are most critical to an organization.
- For sophisticated attacks, an organization should accept the security risk of not protecting functions and data that are of lowest impact to the organization’s mission and where cost exceeds benefits.