Jumpstarting Your Cyberdefense Machine with CIS Controls V7

by Maurice Uenuma on May 17, 2018

Amidst the volatility, uncertainty and noise of the cybersecurity field, few best practice frameworks have emerged as consistently reliable and useful as the Center for Internet Security (CIS) Security Controls. Recently updated as version 7.0, the CIS Controls represent the most important security controls that an organization must implement to secure its data, information systems and operational technology.

The wide recognition of this framework as a de facto standard of care for cybersecurity is based on several key attributes.

CIS Controls – Essential and foundational

The CIS Controls take a “must do first” approach to the challenge of securing information systems. Starting with basic controls, such as knowing what’s connected to your network and what’s running on your systems, the Controls advance to more refined controls such as maintaining secure configurations and tight control over administrative rights before tackling the complexities of intrusion detection and incident response. In this way, the CIS Controls take a building block approach to cybersecurity, outlining a roadmap that all organizations can follow.

These are essential and foundational controls without which no cybersecurity program can be effective. While many more controls can be implemented, and an even broader range of technical capabilities deployed, the focus remains on the controls that matter most. Many experts have suggested that successfully implementing even the first five or six Controls will mitigate 85% or more of cybersecurity incidents. This prioritization and focus can improve effectiveness while eliminating waste and maximizing the return on cybersecurity investments.

Wisdom of the crowds

CIS does not develop these Controls in isolation. Rather, CIS engages a diverse group of cybersecurity practitioners from government, industry and academia in a variety of roles. The breadth of perspectives, representing the various needs and constraints of a cross section of sectors, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Maurice Uenuma. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/jumpstarting-your-cyberdefense-machine-with-cis-controls-v7/

Tags: CIS, Cybersecurity, Security Controls