Known threats...
But what if an idea is proposed that is better suited as a *proactive* defense against attack vectors as yet unknown?
A consortium of US federal agencies have drawn up a list of critical security controls they hope will serve as a gold standard for cybersecurity. The Consensus Audit Guidelines (CAG) list is part of larger plans to apply the CSIS Commission report on cybersecurity as a blueprint for making information security systems more …
All very worthy, but doesn't mean a thing without a management system to ensure that the parameters chosen (eg for "control of ports, protocols and services") are aligned with the needs of the organisation and (equally important) stay aligned as the needs evolve. It's a pity no-one in the US seems to have heard of ISO 27001 - oh I forgot, it's Not Invented Here.