Critical Top 20 Security Controls - SANS

Minimizing dwell time (duration for security incident/malware identification through resolution/eradication) is essential in the Cyber security Era. Damage/Risks can be minimized by considering the implementation and audit of SANS Institute’s Top 20 Critical Security Controls: inventory of authorized/unauthorized devices and software, secure configuration of mobile devices, continuous vulnerability assessment/remediation, malware defenses, application software security, wireless access control, data recovery capability, security skills training, secure network engineering and security network configuration, limitation of ports/services, controlled use of Admin privileges and need-to-know access basis, boundary defense, audit log monitoring/maintenance, data protection, incident response/management, and penetration testing. http://www.sans.org/critical-security-controls