Friday, December 6, 2019
  • An epidemic of ransomware washes over healthcare
  • Cyber security in 2020 and beyond: Insights from the experts
  • How to Conquer Physical Threats
  • Automatic for the SOC People: How Automation Can Quell Those Pesky False Positives
  • Code Complete

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Security Bloggers Network 

Home » Cybersecurity » Data Security » 20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

by Travis Smith on May 2, 2018

Today, I will be going over Control 1 from version 7 of the top 20 CIS Controls – Inventory and Control of Hardware Assets. I will go through the eight requirements and offer my thoughts on what I’ve found.

Key Takeaways for Control 1

  • Start small. This is going to be a control that will need to be continually revisited as you mature the security operations of the organization. Many of these requirements can be done with free tools and managed with simple spreadsheet software. As the organization grows and more controls are implemented, these become more complex and integrate tightly with other requirements throughout the entire suite of CIS security controls.
  • Ask for guidance from vendors. Many of these requirements are core capabilities of vendors you already have in your environment. Bring up integrations with various other tools to unlock the full potential of the dollars you already spent.
  • Use standardized data formats. Unfortunately, other controls list out standardized data formats such as SCAP. As you begin scanning and gathering data, use common data formats that more complex tools utilize so you don’t need to lose valuable data when deploying new tools.

Requirement Listing for Control 1

1. Utilize an Active Discovery Tool

Description: Utilize an active discovery tool to identify devices connected to the organization’s network and update the hardware asset inventory.

Notes: By active discovery, they mean scanning the network to be able to find devices, such as a ping sweep. A quick win is using NMAP to do just that. However, once you get down to Control 3, you can use your vulnerability scanning tools to discover devices for you.

2. Use a Passive Asset Discovery Tool

Description: Utilize a passive discovery tool to identify devices connected to the organization’s network and automatically (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-1-inventory-of-authorized-and-unauthorized-devices/

May 2, 2018May 2, 2018 Travis Smith asset management, control framework, Inventory Management, IT Security and Data Protection, security control, Security Controls
  • ← Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability
  • Unspecified GitHub Bug Internally Exposes Passwords in Plaintext →
Featured Blog

Enzoic

Automate Password Policy & NIST Password Guidelines

Enzoic

Old vs. New Methods for Employee Password Hardening

Enzoic

Shop Safely This Cyber Monday

Enzoic

Disney and the Password Reuse Problem

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

End-of-Life Devices Pose Data Breach Risk
Privacy Regs Changing the Face of Cybersecurity
TrueDialog Leaks 600GB of Personal Data, Affecting Millions
StrandHogg Pwns 80% of Android Phones; Google Fiddles While Platform Burns
Don’t (Geo)Fence Me In: Courts Order Google To Give Up Location Data
Ask the Experts: What are the biggest cyber security threats for 2020?
Biggest 2019 data breaches: Some of the worst of the worst
Unsecured Server with Private Data from Millions of SMS Messages Found Online
Facial recognition technology benefits: much more than unlocking smartphones
Book Review: Virus Bomb

Upcoming Webinars

Mon 09

Cloud Security – Keeping Serverless Data Safe

December 9 @ 11:00 am - 12:00 pm
Tue 10

Securing Mobile Apps, From the Inside Out

December 10 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Open Source Security: Weighing the Pros and Cons

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Why You Need PAM and VPAM in 2020
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Why You Need PAM and VPAM in 2020

December 5, 2019 Tony Howlett | Yesterday 0
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Are Passwords Now Passé?

December 4, 2019 Ori Eisen | 1 day ago 0
Quantum Computing Is Coming: Are You Cyber Ready?
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Quantum Computing Is Coming: Are You Cyber Ready?

December 3, 2019 Timothy Hollebeek | 2 days ago 0

Top Stories

StrandHogg Pwns 80% of Android Phones; Google Fiddles While Platform Burns
Cybersecurity Data Security Featured Malware Mobile Security News Security Awareness Security Boulevard (Original) Spotlight 

StrandHogg Pwns 80% of Android Phones; Google Fiddles While Platform Burns

December 3, 2019 Richi Jennings | 2 days ago 0
TrueDialog Leaks 600GB of Personal Data, Affecting Millions
Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance News Security Boulevard (Original) Spotlight 

TrueDialog Leaks 600GB of Personal Data, Affecting Millions

December 2, 2019 Richi Jennings | 3 days ago 0
But Their Emails: Many 2020 Campaigns Still Risk Phishing Attacks
Application Security Cybersecurity Data Security Featured Identity & Access Mobile Security News Security Awareness Security Boulevard (Original) Spotlight 

But Their Emails: Many 2020 Campaigns Still Risk Phishing Attacks

November 29, 2019 Richi Jennings | Nov 29 0

Security Humor

via   the comic delivery system monikered  Randall Munroe  at  XKCD !

XKCD, Group Chat Rules

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.