Although it may seem fast-paced and glamorous, the cyber threat landscape is actually more populated with simple, garden-variety attacks than sophisticated and exotic techniques. With free tools and kits, it's become easier than ever to engage in phishing, cross-site scripting, and other malicious activities. By shifting our perspective from the Hollywood-induced imagery of hackers, we can begin to see that effective cybersecurity is more about building good habits, practices, and routines.
A simple place to start is to take a look at your organization's technical environment. Do you know how many devices the organization is responsible for? What about BYOD (Bring Your Own Device) cell phones, printers, and other network devices?
This is the first of the 20 CIS Controls™. The CIS Controls are a prioritized set of actions to protect your organization and data from known cyber attack vectors. The CIS Controls are designed to help organizations cut through the confusion of the changing cybersecurity world that is constantly shifting and reacting to new threats and vulnerabilities.
Since 2008 the CIS Controls have been developed using a consensus approach involving discussion groups, forums, and community feedback. They are continuously updated and refined by a global volunteer community of cybersecurity experts. The launch of V7 was the result of feedback from a community of more than 300 individuals.
The development of CIS Controls V7 was based on 7 key principles; the first three of which clearly summarizes their importance:
- Address current attacks, emerging technology, and changing mission/business requirements for IT.
- Bring more focus to key topics like authentication, encryptions, and application whitelisting.
- Better align with other frameworks (like NIST Cybersecurity Framework).
There are 20 CIS Controls ranging from inventorying the devices on a network to training employees to recognize cyber threats. Each CIS Control contains a list of items to review or actions to take on the path to effective cybersecurity.
Today the CIS Controls are used by thousands of global enterprises. The CIS vision is to lead the global community to secure our connected world, and so CIS offers the CIS Controls free for organizations to download and implement.
Download CIS Controls Version 7