Nine Critical Cybersecurity Program Controls
Here’s our list of nine controls that form the basic building blocks for a strong cybersecurity posture. Mastering these can completely transform your organization’s security strategy.
Critical IT Resources and Applications
Critical IT Resources and Applications
Identify and prioritize the protection of essential systems and software which are the foundation of your daily operations, like financial systems and customer databases.
Security Controls
Security Controls
Gauge how effective are your technical and procedural measures to safeguard your systems, data, and users.
Active Directory
Active Directory
Assess the security around how well the organization manages user access and permissions.
Vulnerability Management
Vulnerability Management
Determine how well you identify, prioritize, and remediate vulnerabilities in your systems and software.
Human Risk Management
Human Risk Management
Evaluate your strategies around addressing security risks posed by human error or malicious intent.
Policies and Procedures
Policies and Procedures
Review how clear and effective are your written security policies and procedures.
Business Continuity
Business Continuity
Assess how’s your ability to recover from a disruptive event that can impact the IT systems.
Third-Party Vendor Management
Third-Party Vendor Management
Evaluate the security practices followed by your vendors and how well you’re able to manage associated risks.
Key Cybersecurity Stakeholders
