Cybersecurity frameworks started appearing on the radars for IT and Cybersecurity professionals around 2013, arriving from multiple sources. Some of the earliest examples include:
- The Australian Government’s Australian Signals Directorate (ASD) identified the “top 4 controls” found to be effective at mitigating the most common cybersecurity threats. By 2017, this project had evolved to a baseline known as The Essential Eight, which continues to be updated and promoted in the present day.
- In a brief presentation at the RSA Conference 2014, industry veteran Tony Sager gave a first-hand account of how the Critical Security Controls (CSC) movement unfolded in the United States. From its roots in 2008 as “a little afternoon project” involving ten intelligent people working at the National Security Agency to an initial top 10 list shared informally within the information security industry, it evolved to a broader and more formal coordination through the SANS Institute — the “SANS Top 20.” After that, the CSC were moved from SANS to the stewardship of the independent, non-profit Council on Cybersecurity starting in 2013, then transferred…
