Monday, July 23, 2018
  • The Shared Security Weekly Blaze – Lost and Stolen Devices, Instagram and SIM Hijacking, LabCorp Security Breach
  • The MITRE ATT&CK Framework: Initial Access
  • Digging for Security Bugs / Vulnerabilities in Python Applications
  • Cyber Security Roundup for July 2018
  • Robert M. Lee and Jeff Hass’ Little Bobby Comics – ‘Different Hats’

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Security Bloggers Network 

Home » Security Bloggers Network » Jumpstarting Your Cyberdefense Machine with CIS Controls V7

Jumpstarting Your Cyberdefense Machine with CIS Controls V7

by Maurice Uenuma on May 17, 2018

Amidst the volatility, uncertainty and noise of the cybersecurity field, few best practice frameworks have emerged as consistently reliable and useful as the Center for Internet Security (CIS) Security Controls. Recently updated as version 7.0, the CIS Controls represent the most important security controls that an organization must implement to secure its data, information systems and operational technology.

The wide recognition of this framework as a de facto standard of care for cybersecurity is based on several key attributes.

CIS Controls – Essential and foundational

The CIS Controls take a “must do first” approach to the challenge of securing information systems. Starting with basic controls, such as knowing what’s connected to your network and what’s running on your systems, the Controls advance to more refined controls such as maintaining secure configurations and tight control over administrative rights before tackling the complexities of intrusion detection and incident response. In this way, the CIS Controls take a building block approach to cybersecurity, outlining a roadmap that all organizations can follow.

These are essential and foundational controls without which no cybersecurity program can be effective. While there are many more controls that can be implemented with an even broader range of technical capabilities that can be deployed, the focus remains on those controls that matter most. Many experts have suggested that successfully implementing even the first five or six Controls will mitigate 85% or more of cybersecurity incidents. This prioritization and focus can improve effectiveness while eliminating waste and maximizing the return on cybersecurity investments.

Wisdom of the crowds

CIS does not develop these Controls in isolation. Rather, CIS engages a diverse group of cybersecurity practitioners from government, industry and academia in a variety of roles. The breadth of perspectives, representing the various needs and constraints of a cross section of sectors, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Maurice Uenuma. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/jumpstarting-your-cyberdefense-machine-with-cis-controls-v7/

May 17, 2018May 17, 2018 Maurice Uenuma CIS, Cybersecurity, Security Controls
  • ← Confessions of a Risk Assessor: 6 Things to Know Before a Cyber Security Assessment
  • 3 Most Common and Risky Insider Security Behaviors →
Featured Blog

4 days ago

Why Drupalgeddon 2.0 May Still Be A Threat To Your Website

6 days ago

3 Essential Steps for Your Vulnerability Remediation Process

2 weeks ago

Best Practices for Open Source Governance

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Cyberespionage Campaign in Ukraine Uses Free and Custom RATs
Exposed: Exactis’ Database of 340 Million Consumer Records
McAfee to Advance Cybersecurity AI via the Cloud
Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password
Key Traits Employers Seek from Information Security Professionals
Rome Wasn’t Built in a Day, but This Botnet Was, Using CVE-2017-17215
Blackgear Cyber Espionage Campaign Abuses Blogs, Social Media Posts
Skype Classic to End Soon – Users Forced to Update to Skype 8
Drupal, Phishing and A New Cryptomining Botnet
Remove FBI Locker Ransomware – Restore PC

Upcoming Webinars

Tue 24

DevOps Security: Build-Time Identification of Security Issues — A case study with Jenkins, Docker, and AWS

July 24 @ 11:00 am - 12:00 pm
Thu 26

Draft and Develop: A Solution to the Cyber Security Skills Shortage

July 26 @ 11:00 am - 12:00 pm
Tue 31

Mastering Machine Learning for Security Professionals: A Discussion

July 31 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Four Current Threats Enterprises Can’t Ignore

CISO Conversations

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Key Traits Employers Seek from Information Security Professionals
Careers Cybersecurity Industry Spotlight Security Boulevard (Original) 

Key Traits Employers Seek from Information Security Professionals

July 20, 2018 Jane Thomson | 3 days ago 0
It’s Time to Rethink Privileged Account Management
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

It’s Time to Rethink Privileged Account Management

July 18, 2018 Mark Klinchin | Jul 18 0
Control, Defend and Extend Container Security
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Control, Defend and Extend Container Security

July 10, 2018 Kirsten Newcomer | Jul 10 0

Top Stories

Barracuda Networks Extends WAF Reach to Google Cloud Platform
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Barracuda Networks Extends WAF Reach to Google Cloud Platform

July 20, 2018 Michael Vizard | 2 days ago 0
Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password
Featured Identity & Access Network Security News Security Boulevard (Original) Spotlight Vulnerabilities 

Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password

July 20, 2018 Lucian Constantin | 2 days ago 0
McAfee to Advance Cybersecurity AI via the Cloud
Analytics & Intelligence Cybersecurity Featured News Security Boulevard (Original) Spotlight 

McAfee to Advance Cybersecurity AI via the Cloud

July 19, 2018 Michael Vizard | 3 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.