SANS awarded their 2011 US National Cybersecurity Innovation Award to this project.
----- Update -----
The Australian Defence Signals Directorate has published an update to this document. In their experience, 85% of all incidents could have been avoided by implementing the top 4 recommendations:
- Patch applications, e.g. PDF viewers, Flash Player, Microsoft Office and Java. Patch or mitigate high risk vulnerabilities within two days. Use the latest version of each application.
- Patch operating system vulnerabilities. Patch or mitigate high risk vulnerabilities within two days. Use the latest operating system version.
- Minimise the number of users with domain or local administrative privileges. Such users should use a separate unprivileged account for email and web browsing.
- Application whitelisting to help prevent malicious software and other unapproved programs from running, e.g. by using Microsoft Software Restriction Policies or AppLocker.
The 85% figure is derived from incident data within the Australian government in 2010 and is up from the 70% figure for 2009.
The attached "Top 35 Mitigations" document provides implementation guidelines (start small, build incrementally) and the full list of techniques.
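To turn the four recommendations above into something a defender can check on a host, here is a read-only audit script added for this post (not DSD's or SANS's code). It assumes Windows PowerShell 5.1 in an elevated prompt with the AppLocker and LocalAccounts modules available; the seven-day staleness threshold and the product name list are assumptions chosen for the example.

```powershell
# Added example: read-only audit of the four DSD top mitigations on one Windows host.
# Assumes Windows PowerShell 5.1+, an elevated prompt, and the AppLocker and LocalAccounts modules.
# The 7-day threshold and the product name list below are assumptions for this example.

$MaxPatchAgeDays = 7   # assumption: flag hosts whose newest hotfix is older than this
$Findings = @()

# 1. Application patching: list installed versions of the commonly targeted products DSD names,
#    so they can be compared with the vendor's current release.
$targets = 'Adobe Reader', 'Adobe Acrobat', 'Flash Player', 'Java', 'Microsoft Office'
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $n = $_.DisplayName; $n -and ($targets | Where-Object { $n -like "*$_*" }) } |
    ForEach-Object { $Findings += "[1] Installed: $($_.DisplayName) $($_.DisplayVersion) (compare with vendor's current release)" }

# 2. OS patching: date of the most recently installed hotfix.
$lastFix = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastFix) {
    $Findings += '[2] FAIL: no hotfix installation recorded'
} elseif ($lastFix.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $Findings += "[2] WARN: last hotfix $($lastFix.HotFixID) installed $($lastFix.InstalledOn.ToShortDateString())"
} else {
    $Findings += "[2] OK: last hotfix $($lastFix.HotFixID) installed $($lastFix.InstalledOn.ToShortDateString())"
}

# 3. Administrative privileges: who holds local admin rights on this host.
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
$Findings += "[3] Local Administrators ($($admins.Count)): $($admins -join ', ')"

# 4. Application whitelisting: enforcement mode of each AppLocker rule collection.
#    Anything other than 'Enabled' (AuditOnly or NotConfigured) means nothing is actually blocked.
$policy = [xml](Get-AppLockerPolicy -Effective -Xml)
foreach ($type in 'Exe', 'Msi', 'Script', 'Dll') {
    $rc = $policy.AppLockerPolicy.RuleCollection | Where-Object Type -eq $type
    $mode = if ($rc) { $rc.EnforcementMode } else { 'NotConfigured' }
    $state = if ($mode -eq 'Enabled') { 'OK' } else { 'WARN' }
    $Findings += "[4] AppLocker $type collection: $mode ($state)"
}
# AppLocker rules are only enforced while the Application Identity service is running.
$svc = Get-Service AppIDSvc -ErrorAction SilentlyContinue
$Findings += "[4] Application Identity service: $(if ($svc) { $svc.Status } else { 'missing' })"

$Findings
```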
----- Old post -----
This 2010 document by CERT Australia is an excellent guide to implementing security technologies, rating each one by effectiveness, user resistance/impact and cost.
Top recommendations are:
- Patch the OS: excellent security effectiveness, low user resistance and medium cost. It prevents intrusions and thwarts malware execution at the earliest possible level.
- Patch third-party applications: the same ratings, with a somewhat higher cost due to the additional tools needed.