Authors:
Travis Brennan
Shareholder
(949) 725-4271
Tbrennan@sycr.com
Katie Beaudin
(949) 725-4074
Kbeaudin@sycr.com
sycr.com
The Report singles out the 20 controls in the Center for Internet
Security's Critical Security Controls (the "Controls") as the minimum
level of information security that all organizations that collect or
maintain personal information should meet. In fact, the Report
virtually enshrines these standards into law, making clear that failure
to implement all the Controls that apply to an organization's
environment constitutes a lack of reasonable security. The Report
summarizes the Controls as follows:
(a) Know the hardware and software connected to your network;
(b) Implement key security settings;
(c) Limit user and administrative privileges;
(d) Continuously assess vulnerabilities and patch holes to stay
current;
(e) Secure critical assets and attack vectors;
(f) Defend against malware and boundary intrusions;
(g) Block vulnerable access points;
(h) Provide security training to employees and vendors with access;
(i) Monitor accounts and network audit logs; and
This publication is provided for your convenience and does not constitute legal advice. It
is prepared for the general information of our clients and other interested persons. This
publication should not be acted upon in any specific situation without appropriate legal
advice.