CIS Controls

Get a Quote

CIS Controls

TL;DR:

Imagine your company’s cybersecurity as a fortress. The CIS Controls are like a detailed blueprint for building and maintaining this fortress. They help you keep an eye on the walls (monitoring and maintaining cyber defenses), fix any cracks quickly (reducing exposure time of vulnerabilities), and ensure only trusted people can enter (identifying unauthorized assets). They also improve your guards’ skills (email and web browser protections), prepare you for emergencies (incident response plan), educate your team (security awareness program), and set up traps to catch intruders (defense mechanism against malware). Additionally, they help you manage who has the keys to the fortress (authorization to credentials). These controls are essential for keeping your digital fortress strong and secure.

Details for the Techies:

CIS Controls, also known as the CIS Critical Security Controls, are a prioritized set of actions developed by a global IT community to protect organizations and their data from known cyber attack vectors. These controls are prescriptive, prioritized, and simplified best practices that help organizations strengthen their cybersecurity posture. The CIS Controls consist of 18 overarching measures, each with specific and unique actions known as Safeguards. These Safeguards guide the implementation of the controls and require minimal interpretation.

Key CIS Controls include:

  • Continuous Vulnerability Management: Minimizes the time vulnerabilities are exposed, reducing the window of opportunity for attackers.
  • Inventory and Control of Hardware and Software Assets: Helps identify unauthorized assets to remove from the network or remediate.
  • Email and Web Browser Protections: Enhances protections and detections of threats from email and web vectors.
  • Incident Response and Management: Assists in developing and maintaining an incident response plan to effectively respond to and recover from security incidents.
  • Security Awareness and Training: Establishes and maintains a security awareness program to influence behavior among the workforce.
  • Malware Defenses: Provides mechanisms to prevent the spread of malware.
  • Access Control Management: Uses processes and tools to assign and manage authorization to credentials for user accounts.

The CIS Controls are designed to simplify the approach to threat protection, achieve essential cyber hygiene, and comply with industry regulations such as PCI DSS, HIPAA, and GDPR. https://www.cisecurity.org/controls

Wiki

You May Also See

Attack Surface

TL;DR: Imagine your company's digital environment as a fortress. The attack surface is like all the doors, windows, and secret passages that an attacker could use to break in. The more entry points there are, the more opportunities for a breach. Reducing the attack...

Bitlocker

TL;DR: Imagine you have a safe at home where you keep all your valuable items. Now, think of BitLocker as a digital safe for your computer. It locks up all the data on your computer's hard drive so that if someone tries to access it without your permission, they can't...

CMMC

TL;DR: Imagine you have a house with valuable items inside, and you want to make sure it's secure. You might install locks, alarms, and cameras to protect it. The Cybersecurity Maturity Model Certification (CMMC) is like a security system for companies that work with...

Conditional Access Policies

TL;DR: Imagine you have a special key to access different rooms in a building. However, to use this key, you need to meet certain conditions. For example, you might need to show your ID or enter a password. Conditional Access Policies work similarly. They are like...

Consumption Based Services

TL;DR: Imagine you have a utility bill for your home. You only pay for the electricity, water, and gas you actually use each month, rather than paying a flat fee regardless of your consumption. Similarly, consumption-based services in cloud platforms like Microsoft...