In 2008 the Secretary of Defense requested the assistance of the NSA to develop a prioritized list of security controls. This began the process that led to what is now known as the Twenty Critical Security Controls. Many organizations are now implementing the controls with great success. The US State Department reports that it was able to achieve an 88% reduction in vulnerability-based risk by implementing the controls.
In this presentation, John will discuss the history of the Twenty Critical Security Controls, the philosophy and approach they are based on, the components of a control, and the objective of each control. Additionally, John will discuss the process of implementing each control. Finally, John will show how organizations are implementing the controls and the real-world results the Twenty Critical Controls are generating.
John Millican
John is currently a Principal with the Office Of The CIO, providing executive-level information security services to Bay Area organizations. He has forty-six years of experience in IT, including stints as CISO for Expedia Inc. and VP of IT Operations at Hotwire. John was the first person certified by the SANS Institute in the assessment and implementation of the Twenty Critical Security Controls.
Location has changed!
2841 Mission College Boulevard,
Santa Clara, CA
- Floor 04 Room CR-120 - VOLDEMORT A