Saturday, June 10, 2023

20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

by Travis Smith on May 2, 2018

Today, I will be going over Control 1 from version 7 of the top 20 CIS Controls – Inventory and Control of Hardware Assets. I will go through the eight requirements and offer my thoughts on what I’ve found.


Key Takeaways for Control 1

  • Start small. This is going to be a control that will need to be continually revisited as you mature the security operations of the organization. Many of these requirements can be done with free tools and managed with simple spreadsheet software. As the organization grows and more controls are implemented, these become more complex and integrate tightly with other requirements throughout the entire suite of CIS security controls.
  • Ask for guidance from vendors. Many of these requirements are core capabilities of vendors you already have in your environment. Bring up integrations with various other tools to unlock the full potential of the dollars you already spent.
  • Use standardized data formats. Unfortunately, other controls list out standardized data formats such as SCAP. As you begin scanning and gathering data, use common data formats that more complex tools utilize so you don’t need to lose valuable data when deploying new tools.

Requirement Listing for Control 1

1. Utilize an Active Discovery Tool

Description: Utilize an active discovery tool to identify devices connected to the organization’s network and update the hardware asset inventory.

Notes: By active discovery, they mean scanning the network to find devices, for example with a ping sweep. A quick win is using Nmap to do just that. However, once you get down to Control 3, you can use your vulnerability scanning tools to discover devices for you.
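As an added illustration (not part of the original post), the sketch below takes the XML that an Nmap ping sweep writes (`nmap -sn -oX`) and reconciles it against a spreadsheet inventory exported as CSV, so the sweep actually updates the hardware asset inventory. The sample scan output, the inventory rows and the CSV column names are constructed for the example.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sn -oX -` output, trimmed to the elements used.
SAMPLE_NMAP_XML = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
 <address addr="02:00:00:AA:BB:01" addrtype="mac" vendor="ExampleCo"/></host>
<host><status state="up"/><address addr="192.0.2.57" addrtype="ipv4"/>
 <address addr="02:00:00:AA:BB:7F" addrtype="mac"/></host>
<host><status state="up"/><address addr="198.51.100.4" addrtype="ipv4"/></host>
<host><status state="down"/><address addr="192.0.2.99" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed inventory spreadsheet saved as CSV; column names are assumptions.
SAMPLE_INVENTORY_CSV = """mac,owner,description
02:00:00:aa:bb:01,IT,File server
02-00-00-AA-BB-09,Finance,Label printer
"""

def norm_mac(mac):
    """Lower-case and use ':' so spreadsheet and scanner spellings compare equal."""
    return mac.strip().lower().replace("-", ":")

def parse_sweep(xml_text):
    """Return one record per host that answered the sweep."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts the scanner marked as down
        rec = {"ip": "", "mac": ""}
        for addr in host.findall("address"):
            key = "mac" if addr.get("addrtype") == "mac" else "ip"
            rec[key] = addr.get("addr", "")
        rec["mac"] = norm_mac(rec["mac"])
        hosts.append(rec)
    return hosts

def reconcile(hosts, inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    known = {norm_mac(r["mac"]) for r in rows}
    seen = {h["mac"] for h in hosts if h["mac"]}
    return {
        "unknown": [h["ip"] for h in hosts if h["mac"] and h["mac"] not in known],
        # Nmap only reports a MAC for hosts on the scanner's own segment.
        "no_mac": [h["ip"] for h in hosts if not h["mac"]],
        "not_seen": sorted(known - seen),
    }
```

Devices in `unknown` are candidates for investigation or for adding to the inventory; entries in `not_seen` may be powered off, retired, or on a segment the sweep did not reach.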

2. Use a Passive Asset Discovery Tool

Description: Utilize a passive discovery tool to identify devices connected to the organization’s network and automatically (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-1-inventory-of-authorized-and-unauthorized-devices/
