Saturday, September 22, 2018
  • XKCD, Unfulfilling Toys
  • Controlling User Access for HIPAA
  • GrrCon Augusta 2018, Danny Akacki’s ‘To Fail is Divine’
  • What Are Honeywords? Password Protection for Database Breaches
  • PMP®️ Domain Information & Overview

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Data Security Security Bloggers Network 

Home » Cybersecurity » Data Security » 20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

by Travis Smith on May 2, 2018

Today, I will be going over Control 1 from version 7 of the top 20 CIS Controls – Inventory and Control of Hardware Assets. I will go through the eight requirements and offer my thoughts on what I’ve found.

Key Takeaways for Control 1

  • Start small. This is going to be a control that will need to be continually revisited as you mature the security operations of the organization. Many of these requirements can be done with free tools and managed with simple spreadsheet software. As the organization grows and more controls are implemented, these become more complex and integrate tightly with other requirements throughout the entire suite of CIS security controls.
  • Ask for guidance from vendors. Many of these requirements are core capabilities of vendors you already have in your environment. Bring up integrations with various other tools to unlock the full potential of the dollars you already spent.
  • Use standardized data formats. Unfortunately, other controls list out standardized data formats such as SCAP. As you begin scanning and gathering data, use common data formats that more complex tools utilize so you don’t need to lose valuable data when deploying new tools.

Requirement Listing for Control 1

1. Utilize an Active Discovery Tool

Description: Utilize an active discovery tool to identify devices connected to the organization’s network and update the hardware asset inventory.

Notes: By active discovery, they mean scanning the network to be able to find devices, such as a ping sweep. A quick win is using NMAP to do just that. However, once you get down to Control 3, you can use your vulnerability scanning tools to discover devices for you.

2. Use a Passive Asset Discovery Tool

Description: Utilize a passive discovery tool to identify devices connected to the organization’s network and automatically (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-1-inventory-of-authorized-and-unauthorized-devices/

May 2, 2018May 2, 2018 Travis Smith asset management, control framework, Inventory Management, IT Security and Data Protection, security control, Security Controls
  • ← Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability
  • Unspecified GitHub Bug Internally Exposes Passwords in Plaintext →
Featured Blog

2 weeks ago

A Brighter Future For DevSecOps? It’s Closer Than You Think

1 month ago

Secure Code Dojo: How to Defeat SQL Injection

2 months ago

Why gamification is the key to leveling up your software security

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

A Chinese Affair: Theft of GlaxoSmithKline R&D
Our All White Male Panel Discusses Diversity in Cybersecurity – CISO/Security Vendor Relationship Podcast
NVR Software Flaw Threatens Thousands of Devices
Unusual IoT Botnet Removes Cryptomining Malware from Devices
Do You Have Security Champions in Your Company?
Your Business Should Be More Afraid of Phishing than Malware
The Internet of Things (IoT) and Digitally Stored PII: Avoidable or Inevitable? 
9 essential cybersecurity tips to protect your small business
Book Review: Malware Data Science
How to detect and remove a virus from your Android phone | Avast

Upcoming Webinars

Mon 24

Take a Bite Out of the Remediation Backlog

September 24 @ 11:00 am - 12:00 pm
Mon 24

CISO/Security Vendor Relationship Roundtable

September 24 @ 1:00 pm - 2:00 pm
Thu 27

The Trick to Passing Your Next Compliance Audit

September 27 @ 11:00 am - 12:00 pm
Oct 04

Securing the Code: DevOps Security and AppSec

October 4 @ 1:00 pm - 2:00 pm
Oct 18

Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You

October 18 @ 11:00 am - 12:00 pm
Oct 24

Operationalizing Data For Fraud Investigations

October 24 @ 1:00 pm - 2:00 pm
Oct 29

Seeing Red: Understanding Red Team Security

October 29 @ 1:00 pm - 2:00 pm
Nov 29

Cloud Security: What You Need to Know

November 29 @ 1:00 pm - 2:00 pm
Dec 13

Year-End Review/Predictions

December 13 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Main Pillars of The DevOps Toolchain

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Do You Have Security Champions in Your Company?
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Do You Have Security Champions in Your Company?

September 18, 2018 Shubham Vashist | 4 days ago 0
What the Healthcare Industry Needs: Cybersecurity Pros
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

What the Healthcare Industry Needs: Cybersecurity Pros

September 13, 2018 Tom Gilheany | Sep 13 0
Security Gets ‘Baked In’ at VMworld
DevOps Industry Spotlight Security Boulevard (Original) 

Security Gets ‘Baked In’ at VMworld

September 12, 2018 Tim Woods | Sep 12 0

Top Stories

French Government Open Sources Secure Operating System
Data Security DevOps Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

French Government Open Sources Secure Operating System

September 21, 2018 Lucian Constantin | Yesterday 0
Online Retailer Newegg Hit by Magecart Card Skimming Gang
Data Security Featured Malware News Security Boulevard (Original) Spotlight 

Online Retailer Newegg Hit by Magecart Card Skimming Gang

September 20, 2018 Lucian Constantin | 2 days ago 0
Unusual IoT Botnet Removes Cryptomining Malware from Devices
Featured IoT & ICS Security Malware News Security Boulevard (Original) Spotlight 

Unusual IoT Botnet Removes Cryptomining Malware from Devices

September 19, 2018 Lucian Constantin | 3 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.