Saturday, August 17, 2019
  • OWASP Appsec Tel Aviv 2019, Nancy Garche’s & Tanya Janca’s ‘DevSecOps With OWASP Devslop’
  • XKCD, ‘Serena Versus The Drones’
  • OWASP Appsec Tel Aviv 2019, Sasha Rosenbaum’s ‘Can We Automate Security?’
  • Auth0® vs Azure® AD
  • Morphisec vs. the Microsoft CTF Exploit: Twenty Year Old Design Flaw No Match for Morphisec

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Security Bloggers Network 

Home » Cybersecurity » Data Security » 20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

by Travis Smith on May 2, 2018

Today, I will be going over Control 1 from version 7 of the top 20 CIS Controls – Inventory and Control of Hardware Assets. I will go through the eight requirements and offer my thoughts on what I’ve found.

Key Takeaways for Control 1

  • Start small. This is going to be a control that will need to be continually revisited as you mature the security operations of the organization. Many of these requirements can be done with free tools and managed with simple spreadsheet software. As the organization grows and more controls are implemented, these become more complex and integrate tightly with other requirements throughout the entire suite of CIS security controls.
  • Ask for guidance from vendors. Many of these requirements are core capabilities of vendors you already have in your environment. Bring up integrations with various other tools to unlock the full potential of the dollars you already spent.
  • Use standardized data formats. Unfortunately, other controls list out standardized data formats such as SCAP. As you begin scanning and gathering data, use common data formats that more complex tools utilize so you don’t need to lose valuable data when deploying new tools.

Requirement Listing for Control 1

1. Utilize an Active Discovery Tool

Description: Utilize an active discovery tool to identify devices connected to the organization’s network and update the hardware asset inventory.

Notes: By active discovery, they mean scanning the network to be able to find devices, such as a ping sweep. A quick win is using NMAP to do just that. However, once you get down to Control 3, you can use your vulnerability scanning tools to discover devices for you.

2. Use a Passive Asset Discovery Tool

Description: Utilize a passive discovery tool to identify devices connected to the organization’s network and automatically (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-1-inventory-of-authorized-and-unauthorized-devices/

May 2, 2018May 2, 2018 Travis Smith asset management, control framework, Inventory Management, IT Security and Data Protection, security control, Security Controls
  • ← Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability
  • Unspecified GitHub Bug Internally Exposes Passwords in Plaintext →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Busted: Kaspersky AV Tracks Your Every Click
WhiteHat Report: DevSecOps Adoption on the Rise
Businesses Now the Hot Ransomware Target
Solving Cloud Security Complexity With Visibility, Automation
FBI Orders Up Social Media Monitoring Tool
Capital One Data Breach: A reminder to lock your back door
Avast and Stanford Research Shows Global Internet of Things | Avast
Amazon EBS snapshots exposed publicly leaking sensitive data in hundreds of thousands, security analyst reveals at DefCon 27
Building a Culture of Security: 73 articles Summarizing Black Hat USA 2019
CEO Cyber Quiz: What’s Your IT Security IQ?

Upcoming Webinars

Sep 05

Automating Container Security with AWS and Lacework

September 5 @ 2:00 pm - 3:00 pm
Sep 23

The Next Generation of Application Security

September 23 @ 1:00 pm - 2:00 pm
Oct 21

Open Source Security – Weighing the Pros and Cons

October 21 @ 1:00 pm - 2:00 pm
Nov 11

Trends in Threat Analysis

November 11 @ 1:00 pm - 2:00 pm
Dec 09

Cloud Security – Keeping Serverless Data Safe

December 9 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

7 Reasons Why CISOs Should Care About DevSecOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

What Unique Cloud Document Indicators Can Reveal About Data Loss Risk
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

What Unique Cloud Document Indicators Can Reveal About Data Loss Risk

August 16, 2019 Salvatore Stolfo | Yesterday 0
Protecting Against Spear Phishing Attacks: A Guide
Cybersecurity Industry Spotlight Security Boulevard (Original) Social Engineering 

Protecting Against Spear Phishing Attacks: A Guide

August 15, 2019 Lior Gavish | 2 days ago 0
The Cloud, Outages and You: Who’s Responsible for What?
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

The Cloud, Outages and You: Who’s Responsible for What?

August 14, 2019 Avi Aharon | 3 days ago 0

Top Stories

Busted: Kaspersky AV Tracks Your Every Click
Application Security Cybersecurity Data Security Endpoint Featured Malware Network Security News Security Boulevard (Original) Spotlight 

Busted: Kaspersky AV Tracks Your Every Click

August 16, 2019 Richi Jennings | Yesterday 0
WhiteHat Report: DevSecOps Adoption on the Rise
Cybersecurity DevOps Featured News Security Boulevard (Original) Spotlight 

WhiteHat Report: DevSecOps Adoption on the Rise

August 13, 2019 Michael Vizard | 4 days ago 0
Screwed Drivers: Windows Third-Party Device Code is Huge Mess
Cybersecurity Data Security Endpoint Featured Malware News Security Awareness Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Screwed Drivers: Windows Third-Party Device Code is Huge Mess

August 12, 2019 Richi Jennings | Aug 12 0

Security Humor

via  the comic delivery system monikered  Randall Munroe  at  XKCD !

XKCD, ‘Serena Versus The Drones’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

WAF Signal Sciences application firewall security

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.