Schedule a Call with our Certified Security Manager

Protect your organization through CIS Controls

Data and systems are not well protected and are vulnerable to security breaches and attacks. Sharing information and files outside of the company also poses security threats, and employees’ personal devices used for work are not secure.

Many security frameworks exist, and we will share why we’ve adopted the CIS (Center for Internet Security) framework as our standard and incorporate additional framework controls like HIPAA, OSFI, PCI, NIST, and others to address our clients’ goals.

The CIS Controls are a set of well-vetted and supported security actions that organizations can take to assess and improve their current security state. The true power of the CIS Controls is not about creating the best list of things to do; it is about harnessing the experience of a community of individuals and enterprises to make security improvements through the sharing of ideas and collective action.

Basic

  1. Inventory and Control of Hardware Assets
  2. Inventory and Control of Software Assets
  3. Continuous Vulnerability Management
  4. Controlled Use of Administrative Privileges
  5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  6. Maintenance, Monitoring and Analysis of Audit Logs

Foundational

  7. Email and Web Browser Protections
  8. Malware Defenses
  9. Limitation and Control of Network Ports, Protocols and Services
  10. Data Recovery Capabilities
  11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
  12. Boundary Defense
  13. Data Protection
  14. Controlled Access Based on the Need to Know
  15. Wireless Access Control
  16. Account Monitoring and Control

Organization

  17. Implement a Security Awareness and Training Program
  18. Application Software Security
  19. Incident Response and Management
  20. Penetration Tests and Red Team Exercises

Why the CIS Controls Work?

The CIS Controls are informed by actual attacks and effective defenses and reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, individuals); with every role (threat responders and analysts, technologists, vulnerability-finders, tool makers, solution providers, defenders, users, policy-makers, auditors, etc.); and within many sectors (government, power, defense, finance, transportation, academia, consulting, security, IT) who have banded together to create, adopt, and support the Controls. Top experts from organizations pooled their extensive first-hand knowledge from defending against actual cyber-attacks to evolve the consensus list of Controls, representing the best defensive techniques to prevent or track them. This ensures that the CIS Controls are the most effective and specific set of technical measures available to detect, prevent, respond, and mitigate damage from the most common to the most advanced of those attacks.

For organizations looking to improve their security posture and strengthen their defenses, the CIS Critical Security Controls are a great starting point to reduce your risk of exposure and mitigate the severity of cyberattacks. Learn which CIS Controls are most applicable to your organization. Schedule a call and get your no-obligation sizing and scoping with our team of certified security professionals.
