The 20 Critical Security Controls have been identified by a consensus of agency CIOs and Chief Information Security Officers (CISOs) across the government. Contributors to the process included security experts and federal managers from the Department of Defense, Department of Energy and the Federal Bureau of Investigation, as well as private computer forensics experts.The consensus effort of these cyber security experts from across the government identified a series of 20 specific critical security controls that are viewed as effective in blocking currently known high-priority attacks, as well as those attack types expected in the near future.

The Consensus Audit Guidelines were co-authored by John Gilligan, President of the Gilligan Group and former CIO of the U.S. Air Force and Department of Energy, and Ed Skoudis, founder and Senior Security Consultant with InGuardians and SANS Institute instructor. Both of these cyber security experts will lead sessions at the National Summit on Planning and Implementing the 20 Critical Security Controls.

Why this conference? Why now?

Though the CAG is a consensus document with participation from agency CIOs and CISOs from major government organizations, this crucial security "best practice" information needs to be understood and adopted by every level of an agency's IT team.

This conference is an opportunity for the government IT security community to gather for two days of immersion training on how to implement, automate, and measure the 20 Critical Controls for effective cyber defense. This is the ONLY conference with 2 days of Controls-focused sessions, and will teach you the 20 vulnerable elements of your agency's IT infrastructure - and the tools you can use to prevent them from attack.