Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.
Information security programs are mandatory for certain industries and most government agencies. It can bewilder in-house counsel to navigate the many technical and administrative requirements. Fortunately, there are a number of resources to help. One framework, in particular, is gaining acceptance as a best practice for information security programs: the SANS Institute’s Top 20 Critical Controls. Both attorneys and management can use the SANS controls to prioritize and fund information security initiatives.