I’ll be honest – my first reaction when I heard about the SANS Consensus Audit Guidelines (CAG), was that our industry didn’t really need yet another framework or standard. But when I read them, I realized this was put together by experienced security professionals who all too often were successful on multiple occasions in breaking into systems during a penetration test at the same customer, or had to perform incident response for the same customer a third or fourth time.
↧