The Center for Internet Security (CIS): Top 20 Critical Security Controls

Introduction

The cyber-threat landscape is constantly changing on a daily basis. Each cyberattack seems to get worse, more sophisticated and even more covert, making them that much more difficult to detect.

Each organization has its own unique security requirements. Therefore, what may work for one entity may not necessarily work for another. In other words, security models simply cannot be just replicated and expected to work the same each and every time. What is needed is a coherent and unified set of guiding principles and best practices.

One such example of principle is what is known as the “Center for Internet Security Critical Security Controls for Effective Cyber Defense.” This is the focus of this article.

The Goals of the Project

The primary thrust of this document is to give organizations a techno jargon free approach in order to fortify their lines of defenses, so that they do not become the next victim of a large-scale cyberattack, with a strong emphasis on using automated security technologies. The other four, overarching goals can be described as follows:

1. Make sure there is a strong balance between both cyber-offense and cyber-defense
2. Make sure that only the right security technologies are deployed, so that businesses and corporations can yield a very quick return on investment (ROI)
3. Implement security automation to the greatest extent possible
4. Utilize a team framework and unanimous consensus approach in order to keep the best Security interests of the organization in mind

The Top 20 Controls

This section will provide an overview into all 20 controls:

1. The Inventory and the Control of Hardware Assets

2. The Inventory and the Control of Software Assets

Although these are two independent controls, they are very often grouped together, because in many instances, the same concepts apply to both. In this set of controls, you (Read more...)