Most cybersecurity professionals know the CIS Top Five Critical Security Controls. Yet, the evidence that they are effective is slim. Using data on cyber-incidents, researchers looked at the attack paths used by adversaries and determined what controls could have disrupted these attack paths. The result is a new set of critical controls that organizations should implement on a priority basis.
1: Understand evidence-based approach to selecting controls.
2: Understand why the “new top five” controls were selected.
3: Chart a pathway to implementing the new top five controls.