Table 4 Percentage of sub-controls addressed per CSC control
From: Mapping the coverage of security controls in cyber insurance proposal forms
Control | % |
|---|---|
CSC 1: Inventory Authorized Devices and Unautorized Devices | 0 |
CSC 2: Inventory Authorized Devices and Unautorized Software | 0 |
CSC 3 : Secure Configurations for Hardware and Software on Mobile | 0.58 |
Devices, Laptops, Workstations, and Servers | Â |
CSC 4: Continuous Vulnerability Assessment and Remediation | 8.33 |
CSC 5: Controlled Use of Administrative Privileges | 0 |
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs | 2.79 |
CSC 7: Email and Web Browser Protections | 0 |
CSC 8: Malware Defenses | 26.38 |
CSC 9: Limitation and Control of Network Ports, Protocols, and Services | 5.54 |
CSC 10: Data Recovery Capability | 29.17 |
CSC 11: Secure Configurations for Network Devices such as Firewalls, | 1.79 |
Routers, and Switches | Â |
CSC 12: Boundary Defense | 9.17 |
CSC 13: Data Protection | 4.11 |
CSC 14: Controlled Access Based on the Need to Know | 17.13 |
CSC 15: Wireless Access Control | 2.33 |
CSC 16: Account Monitoring and Control | 5.04 |
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps | 10 |
CSC 18: Application Software Security Incident Response and Management | 4.58 |
CSC 19: Incident Response and Management | 6.54 |
CSC 20: Penetration Tests and Red Team Exercises | 3.67 |