The interactive offers abbreviated descriptions of each control delivered through an animated Flex graphic. When selecting one of the interactive's controls, a pop up appears with a control description, a link to the extended control description, a link to user vetted tools, and an audio presentation from Eric Cole, a SANS instructor who helped formulate the controls.
"SANS has featured the controls for some time, but the interactive will make them easier to understand, follow, and implement," said Adam Ross, SANS' managing editor. "The controls are so text heavy, we figured there had to be a way to simplify and tell their story in a more succinct manner."
The controls are judged by leading cybersecurity experts to be the most commonly used, and effective ways computer attackers gain entry to systems and networks. The automation of these controls has radically lowered the cost of security while improving effectiveness. These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far reaching impact. In one well known example, U.S. State Department Chief Information Officer John Streufert built a long-term continuous monitoring approach to cybersecurity with the critical controls in mind. In doing so, Streufert has demonstrated more than an 80 percent reduction in 'measured' security risk through the automation and measure of the controls.
Under the auspices of the Center for Strategic and International Studies, former U.S. Department of Energy and U.S. Air force Chief Information Officer John Gilligan brought together a consortium to determine and write the controls. Members of the consortium include NSA, US Cert, DoD, Cyber Crime Center, and the top commercial forensic experts and pen testers serving the banking and critical infrastructure communities.