Friday, March 31, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Elastic Unfurls Cloud Security Platform for AWS
  • APIs: Driving Innovation, Fueling Security Significance
  • Twitter Presses GitHub to Turn Over User Who Leaked Source Code
  • Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users
  • API Attacks Rise 400% in Last Six Months
Security Bloggers Network 

Home » Security Bloggers Network » Two-Thirds of Organizations Don’t Use Hardening Benchmarks to Establish a Secure Baseline, Report Reveals

SBN

Two-Thirds of Organizations Don’t Use Hardening Benchmarks to Establish a Secure Baseline, Report Reveals

by Ray Lapena on August 9, 2018

The Center for Internet Security’s Critical Security Controls (“the CIS Controls”) are incredibly useful in helping organizations defend themselves against digital threats. By adopting the first five controls alone, it’s possible for companies to prevent 85 percent of attacks. Adopting all 20 controls can prevent as much as 97 percent of attacks.

TechStrong Con 2023Sponsorships Available

Unfortunately, a majority of organizations still haven’t implemented industry standards like the CIS Controls into their security strategies. That’s one of the findings from Tripwire’s State of Cyber Hygiene report. The survey found that two-thirds of organizations do not use hardening benchmarks like CIS or Defense Information Systems Agency (DISA) guidelines to establish a secure baseline.

Tim Erlin, vice president of product management and strategy at Tripwire, said this finding wasn’t expected:

These industry standards are one way to leverage the broader community, which is important with the resource constraints that most organizations experience. It’s surprising that so many respondents aren’t using established frameworks to provide a baseline for measuring their security posture. It’s vital to get a clear picture of where you are so that you can plan a path forward.

For the report, Tripwire surveyed 306 IT security professionals in July 2018 in partnership with Dimensional Research to examine how organizations are implementing security controls that the Center for Internet Security (CIS) refers to as “Cyber Hygiene.” Specifically, Tripwire’s State of Cyber Hygiene explored how organizations are implementing security practices related to network visibility, vulnerability management, configuration management, administrative privileges and logging.

Given the lacking adoption of the CIS Controls and other hardening benchmarks, it’s not surprising the survey found that organizations were falling short in many of those key areas identified above, as well:

  • More than half (57 percent) of respondents said it takes hours, weeks, months or longer to detect new (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Ray Lapena. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-hardening/organizations-hardening-benchmarks-secure-baseline/

August 9, 2018August 9, 2018 Ray Lapena Benchmarks, CIS, hardening, security, Security Hardening
  • ← That’s Right, We are Playing Both Sides of the Key Management Game:
  • Researchers aim to befuddle cybercriminals with defensive WWII fighter pilot trick →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

ChatGPT Less Convincing Than Human Social Engineers in Phishing Attacks
Should You Have Security Concerns When Partnering With a Third Party?
Business Email Compromise Threats Soar Past Phishing Risks
Survey Surfaces Need to Change SecOps Priorities
AI/ML’s Role in Software Supply Chain Security
USENIX Security ’22 – ‘QuORAM: A Quorum-Replicated Fault Tolerant ORAM Datastore’
🧪 Lit + WebR + Observable Plot: Linking Lit’s Lightweight Web Components And WebR For Vanilla JS Reactivity & JS DataVis
SANS First Look Report: Self-Supervised Learning Cybersecurity Platform for Threat Detection
Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist
VS Code hack shows how supply chain attacks can extend to other software development tools

Upcoming Webinars

Apr 04

Key Strategies for a Secure and Productive Hybrid Workforce

April 4 @ 1:00 pm - 2:00 pm
Apr 05

Securing Kubernetes With SentinelOne and AWS

April 5 @ 1:00 pm - 2:00 pm
Apr 05

From Vulnerable to Invincible: The Five-Step Journey to Complete Cloud Security

April 5 @ 3:00 pm - 4:00 pm
Apr 12

The State of Cloud-Native Security 2023

April 12 @ 1:00 pm - 2:00 pm
Apr 13

Case Study: Improving Code Security With Continuous Software Modernization

April 13 @ 11:00 am - 12:00 pm
Apr 20

Lessons From a Live Hack: Secure Your Cloud From the Inside

April 20 @ 3:00 pm - 4:00 pm
Apr 24

Securing Open Source

April 24 @ 1:00 pm - 2:00 pm
May 03

https://webinars.securityboulevard.com/ciso-panel-tips-for-optimizing-cloud-native-security-stack-in-2023?utm_campaign=2023.05.03_Aqua_Webinar_SB&utm_source=BMRegister

May 3 @ 3:00 pm - 4:00 pm
May 22

Ransomware

May 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight IoT & ICS Security Malware Mobile Security Most Read This Week Network Security News Popular Post Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?

March 17, 2023 Richi Jennings | Mar 17 0
White House to Regulate Cloud Security: Good Luck With That
Analytics & Intelligence Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

White House to Regulate Cloud Security: Good Luck With That

March 13, 2023 Richi Jennings | Mar 13 0
‘Extraordinary, Egregious’ Data Breach at House and Senate
Analytics & Intelligence API Security Application Security CISO Suite Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Extraordinary, Egregious’ Data Breach at House and Senate

March 10, 2023 Richi Jennings | Mar 10 0

Top Stories

Elastic Unfurls Cloud Security Platform for AWS
Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Elastic Unfurls Cloud Security Platform for AWS

March 31, 2023 Michael Vizard | 1 hour ago 0
Twitter Presses GitHub to Turn Over User Who Leaked Source Code
Cloud Security Cybersecurity Data Security Featured Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Vulnerabilities 

Twitter Presses GitHub to Turn Over User Who Leaked Source Code

March 31, 2023 Teri Robinson | 1 hour ago 0
API Attacks Rise 400% in Last Six Months
Application Security Cybersecurity Endpoint Featured Malware News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

API Attacks Rise 400% in Last Six Months

March 31, 2023 Bill Doerrfeld | 2 hours ago 0

Security Humor

Randall Munroe’s XKCD ‘Qualifications’

Randall Munroe’s XKCD ‘Qualifications’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.