Saturday, November 17, 2018
  • DerbyCon 2018, Chris Sistrunk’s, Krypt3ia’s & SynAckPwn’s ‘WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids’
  • Beware: New wave of malware spreads via ISO file email attachments
  • Apple and Android updates 17th November 2018
  • Tis the Season to Check your SSL/TLS Cipher List Thrice (RCurl/curl/openssl)
  • The Armageddon Of Stupidity: SMS Password Management SNAFU

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Security Bloggers Network 

Home » Security Bloggers Network » Jumpstarting Your Cyberdefense Machine with CIS Controls V7

Jumpstarting Your Cyberdefense Machine with CIS Controls V7

by Maurice Uenuma on May 17, 2018

Amidst the volatility, uncertainty and noise of the cybersecurity field, few best practice frameworks have emerged as consistently reliable and useful as the Center for Internet Security (CIS) Security Controls. Recently updated as version 7.0, the CIS Controls represent the most important security controls that an organization must implement to secure its data, information systems and operational technology.

The wide recognition of this framework as a de facto standard of care for cybersecurity is based on several key attributes.

CIS Controls – Essential and foundational

The CIS Controls take a “must do first” approach to the challenge of securing information systems. Starting with basic controls, such as knowing what’s connected to your network and what’s running on your systems, the Controls advance to more refined controls such as maintaining secure configurations and tight control over administrative rights before tackling the complexities of intrusion detection and incident response. In this way, the CIS Controls take a building block approach to cybersecurity, outlining a roadmap that all organizations can follow.

These are essential and foundational controls without which no cybersecurity program can be effective. While there are many more controls that can be implemented with an even broader range of technical capabilities that can be deployed, the focus remains on those controls that matter most. Many experts have suggested that successfully implementing even the first five or six Controls will mitigate 85% or more of cybersecurity incidents. This prioritization and focus can improve effectiveness while eliminating waste and maximizing the return on cybersecurity investments.

Wisdom of the crowds

CIS does not develop these Controls in isolation. Rather, CIS engages a diverse group of cybersecurity practitioners from government, industry and academia in a variety of roles. The breadth of perspectives, representing the various needs and constraints of a cross section of sectors, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Maurice Uenuma. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/jumpstarting-your-cyberdefense-machine-with-cis-controls-v7/

May 17, 2018May 17, 2018 Maurice Uenuma CIS, Cybersecurity, Security Controls
  • ← 3 Ways Efail Parallels the Need for Machine Identity Protection
  • 3 Most Common and Risky Insider Security Behaviors →
Featured Blog

Secure Code Warrior

Why financial institutions are leading the charge to upskill their developers in secure coding

Secure Code Warrior

Why SQL Injections Are The Cockroaches of the AppSec World (and how CISOs can eradicate them once and for all)

Secure Code Warrior

A Brighter Future For DevSecOps? It’s Closer Than You Think

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Microsoft and Adobe Patch Zero-Day Vulnerabilities
Convergence of Security, Networking Services Accelerates
The Top 5 Industries Grappling with Bad Bots
Move Over, Ransomware: Cryptojacking is the New Kid in Town
Juniper Networks: Cryptomining Exploit Targeting Docker Containers
Top Cybersecurity Threats & How the WAF Must Evolve to Address Them
SAP Security Notes November ‘18: The Mobile Client Side Menace
Announcing ProtonVPN for iOS – Free and unlimited VPN for iOS
Patch Your Microsoft Outlook: Fortinet Discovered Four Outlook Remote Code Execution Vulnerabilities
Red Team 101: Understanding Kali Linux

Upcoming Webinars

Tue 27

2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyber Defenses

November 27 @ 11:00 am - 12:00 pm
Thu 29

Cloud Security: What You Need to Know

November 29 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Mastering Machine Learning for Security Professionals

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

6 Best Practices to Make the Most of Your Sandbox Proof of Concept
Analytics & Intelligence Cybersecurity Industry Spotlight Security Boulevard (Original) Threat Intelligence 

6 Best Practices to Make the Most of Your Sandbox Proof of Concept

November 16, 2018 Ralf Hund | Yesterday 0
Move Over, Ransomware: Cryptojacking is the New Kid in Town
Cybersecurity Endpoint Industry Spotlight Security Boulevard (Original) 

Move Over, Ransomware: Cryptojacking is the New Kid in Town

November 15, 2018 Nick Bilogorskiy | 2 days ago 0
The Top 5 Industries Grappling with Bad Bots
Cybersecurity Industry Spotlight Malware Security Boulevard (Original) 

The Top 5 Industries Grappling with Bad Bots

November 13, 2018 Reid Tatoris | 4 days ago 0

Top Stories

Blackberry Acquires Cylance to Apply AI to IoT Cybersecurity
Analytics & Intelligence Cybersecurity Featured IoT & ICS Security News Security Boulevard (Original) Spotlight 

Blackberry Acquires Cylance to Apply AI to IoT Cybersecurity

November 16, 2018 Michael Vizard | Yesterday 0
Galaxy S9, iPhone X, Xiaomi Mi6 Devices Hacked at Pwn2Own Contest
DevOps Featured Mobile Security News Security Boulevard (Original) Spotlight Vulnerabilities 

Galaxy S9, iPhone X, Xiaomi Mi6 Devices Hacked at Pwn2Own Contest

November 16, 2018 Lucian Constantin | Yesterday 0
Alert Logic Adds Managed Threat Intelligence Service
Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Alert Logic Adds Managed Threat Intelligence Service

November 16, 2018 Michael Vizard | Yesterday 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.