There is much information on the controls that can be used to treat cybersecurity issues. In this Appendix, I have tried to limit it to three significant sources of advice:
- Critical Security Controls Version 5.0
- International Standards Organization (ISO)/ International Electrotechnical Commission (IEC) 27001 Controls
- National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 4 Controls
Critical Security Controls Version 5.0
A number of organizations have published a list of the 20 most critical security controls. This is based upon The Council on Cyber Security Critical Security Controls Version 5.0.
While this is not a comprehensive list, it does provide a good ...