Additional Resources: John Gilligan's website http://www.gilligangroupinc.com/ 20 Critical Controls Whitepaper http://www.sans.org/critical-security-controls/cag.pdf SANS site http://www.sans.org/critical-security-controls/ User-vetted tools http://www.sans.org/critical-security-controls/user-tools.php A well-considered criticism of the 20 Critical Controls by Michael Smith, The Guerilla CISO http://www.guerilla-ciso.com/archives/1494 John Streufert's Dec. 2009 NIST presentation on IT Security Dashboards http://csrc.nist.gov/groups/SMA/forum/documents/nist-cisos_Dec2009-meeting.p df SCAP SCAP Overview http://nvd.nist.gov/scap/docs/SCAP.doc Michael Smith on SCAP http://www.guerilla-ciso.com/archives/1221 The above links are provided "as is" and are intended for reference only. Neither the National Capital Chapter nor ISSA International endorse or guarantee any of the content represented therein.