Common Sense Security Framework

In order to protect your business, you need to secure your business. Easier said than done, right?

The goal of the Common Sense Security Framework (CSSF) is to help business owners identify those fundamental controls they need to have in place in order to protect the systems and applications on which their business relies.

The CSSF identifies seven (7) areas that require protection, along with three (3) of the most effective, useful controls in each area. The end result is a list of twenty-one (21) questions that every business owner needs to answer in order to have a fundamental understanding of whether or not his or her business is exposed.

  1. Protect Your Applications
  2. Protect Your Endpoints
  3. Protect Your Network
  4. Protect Your Servers
  5. Protect Your Data
  6. Protect Your Locations
  7. Protect Your People

If you’d like to know how well your business stacks up, download the Common Sense Security Framework Questionnaire and answer those twenty-one (21) questions, providing a brief explanation for each of your answers.

If you answer no to any of those questions, reach out to your information security/technology partner for help updating your controls so that you can answer yes.

If you’d like to see the original CSSF presentation from the Columbus BSides 2015 security conference, you can download it here (Common Sense Security Framework – BSides) or you can view the presentation online here. (Thanks, Adrian!)

Stay safe out there!


[Content is available under GNU Free Documentation License 1.2 unless otherwise noted.]