Saturday, October 31, 2020
  • DEF CON 28 Safe Mode ICS Village – Austin Scott’s ‘5 Quick Wins For Improving ICS Cybersecurity Posture’
  • DEF CON 28 Safe Mode Biohacking Village – Quaddi’s & Replicant’s ‘How COVID19 Changed Cyber Disaster Medicine’
  • The Joy of Tech® ‘No Halloween This Year?’
  • DEF CON 28 Safe Mode BioHacking Village – Bill Hagestad’s ‘Chinese Military Lab Mission + COVID-19’
  • Four Days to the Election— Don’t Fall for These Phishing Scams

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Security Bloggers Network 

Home » Cybersecurity » Data Security » 20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

by Travis Smith on May 2, 2018

Today, I will be going over Control 1 from version 7 of the top 20 CIS Controls – Inventory and Control of Hardware Assets. I will go through the eight requirements and offer my thoughts on what I’ve found.

Key Takeaways for Control 1

  • Start small. This is going to be a control that will need to be continually revisited as you mature the security operations of the organization. Many of these requirements can be done with free tools and managed with simple spreadsheet software. As the organization grows and more controls are implemented, these become more complex and integrate tightly with other requirements throughout the entire suite of CIS security controls.
  • Ask for guidance from vendors. Many of these requirements are core capabilities of vendors you already have in your environment. Bring up integrations with various other tools to unlock the full potential of the dollars you already spent.
  • Use standardized data formats. Unfortunately, other controls list out standardized data formats such as SCAP. As you begin scanning and gathering data, use common data formats that more complex tools utilize so you don’t need to lose valuable data when deploying new tools.

Requirement Listing for Control 1

1. Utilize an Active Discovery Tool

Description: Utilize an active discovery tool to identify devices connected to the organization’s network and update the hardware asset inventory.

Notes: By active discovery, they mean scanning the network to be able to find devices, such as a ping sweep. A quick win is using NMAP to do just that. However, once you get down to Control 3, you can use your vulnerability scanning tools to discover devices for you.

2. Use a Passive Asset Discovery Tool

Description: Utilize a passive discovery tool to identify devices connected to the organization’s network and automatically (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-1-inventory-of-authorized-and-unauthorized-devices/

May 2, 2018May 2, 2018 Travis Smith asset management, control framework, Inventory Management, IT Security and Data Protection, security control, Security Controls
  • ← Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability
  • Unspecified GitHub Bug Internally Exposes Passwords in Plaintext →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Eric Kedrosky

7 Common Data Misconfigurations for Google Cloud Platform

Sonrai Security Marketing

What’s New In Gartner’s Hype Cycle For Cloud Security, 2020

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Ransomware’s Next Target: Backup Data
Therapy Center Hacked, 40,000 Patients Sent Ransom Demands
Cyber Awareness Training a Must for Third-Party Contractors
How To Cyber Security: Put the Sec in DevOps with Intelligent Orchestration
How the Past 6 Months Have Shaped ICS Risk
Top 7 Online Courses for a Successful Career in Cybersecurity
2020 DDoS Extortion Campaign — A Sequel More Thrilling Than the Original
OSINT Gathering Key to Keeping Up With Financial Crime
How To Cyber Security: Put the Sec in DevOps with Intelligent Orchestration
Introducing KubeLinter – an open source linter for Kubernetes

Upcoming Webinars

Nov 03

Cyber Threat Intelligence: Highlights and Trends for 2020

November 3 @ 9:00 am - 10:00 am
Nov 05

Modern Code Analysis Workflows for JavaScript

November 5 @ 11:00 am - 12:00 pm
Nov 10

The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers

November 10 @ 1:00 pm - 2:00 pm
Nov 11

Threats at the Kitchen Table: Balancing Security and Usability in Remote Workforces

November 11 @ 11:00 am - 12:00 pm
Nov 16

Pentest as a Service Impact 2020

November 16 @ 1:00 pm - 2:00 pm
Nov 17

Integrating Data Security into the DevSecOps Toolchain

November 17 @ 3:00 pm - 4:00 pm
Nov 18

Shifting Compliance and Security Left – Into the Hands of the Developers

November 18 @ 11:00 am - 12:00 pm
Nov 19

Protecting Mobile Apps and APIs from the Inside Out

November 19 @ 3:00 pm - 4:00 pm
Dec 07

The Battle for Container Security

December 7 @ 1:00 pm - 2:00 pm
Dec 14

Issues and Answers in Cloud Security

December 14 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

MS Teams: The Gateway Drug to Security Chaos
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

MS Teams: The Gateway Drug to Security Chaos

October 30, 2020 Frank Trovato | Yesterday 0
A Return to Logs to Unjam the Security Deficit
Analytics & Intelligence Cybersecurity Industry Spotlight Security Boulevard (Original) Threat Intelligence 

A Return to Logs to Unjam the Security Deficit

October 29, 2020 Albert Li | 2 days ago 0
How the Past 6 Months Have Shaped ICS Risk
Cybersecurity Industry Spotlight IoT & ICS Security Security Boulevard (Original) 

How the Past 6 Months Have Shaped ICS Risk

October 28, 2020 Amir Preminger | 3 days ago 0

Top Stories

Enso Previews Application Security Posture Management Platform
Application Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Enso Previews Application Security Posture Management Platform

October 28, 2020 Michael Vizard | 3 days ago 0
Therapy Center Hacked, 40,000 Patients Sent Ransom Demands
Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response News Security Boulevard (Original) Spotlight Threats & Breaches 

Therapy Center Hacked, 40,000 Patients Sent Ransom Demands

October 27, 2020 Richi Jennings | 4 days ago 0
Fake News? Trump’s Twitter ‘Twice Hacked’
Application Security Cybersecurity Data Security Featured Identity & Access News Security Boulevard (Original) Spotlight Threats & Breaches 

Fake News? Trump’s Twitter ‘Twice Hacked’

October 23, 2020 Richi Jennings | Oct 23 0

Security Humor

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® !

The Joy of Tech® ‘No Halloween This Year?’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.