This check list is intended as a comprehensive survey of the steps that corporations and other organizations should take to reduce their vulnerability to cyber attacks.

To make the check list's organization as clear and intuitive as possible, the vulnerabilities and counter-measures have been sorted according to six easy-to-distinguish categories of information system components:

1. hardware

2. software

3. networks

4. automation

5. humans

6. suppliers

Each of the main areas in which cyber attacks could take place has been subdivided further into two or more attack avenues. These narrower attack avenues are organized according to the activities that need to be carried out or overseen in order to maintain the security of those information system components. This leads to sixteen avenues, where there are further headings that group the counter-measures used to protect those attack avenues. All of the individual vulnerabilities in the check list are described in terms of the counter-measure that should be taken to eliminate or minimize them.

This Cyber Security Check List is provided through the ISA Strategic Partnership with U.S. Cyber Consequences Unit (US-CCU). The US-CCU does not do any private or commercial work. The mission of the US-CCU is to provide America and its allies with the concepts and information necessary for making sound security decisions in a world where our physical well-being increasingly depends on cyber-security.