Data and systems are not well protected, and vulnerable to security breaches and attaches. Sharing information and files outside of the company also poses security threats, and employees’ personal devices used for work are not secure.
Many security frameworks exist and we will share why we’ve adopted the CIS (Center for Internet Security) framework as our standard and incorporate additional framework controls like HIPAA, OSFI, PCI, NIST, and others to address our client’s goals.
The CIS Controls are a set of well-vetted and supported security actions that organizations can take to assess and improve their current security state. The true power of the CIS Controls is not about creating the best list of things to do, it is harnessing the experience of a community of individuals and enterprises to make security improvements through the sharing of ideas and collective action.