In cybersecurity, technical solutions receive most of the attention. Organizations understandably want to know which firewall, EDR, or WAF they need to buy to keep their users, assets, and data safe from cyber attacks.

And while technical security solutions are undeniably important, they aren’t the whole story. Organizations that need to protect against even moderately sophisticated attacks — which is most organizations — must go beyond technical controls to consider the people and processes involved in cybersecurity.

That’s where the CIS Organizational Controls come in.

What are the CIS Organizational Controls?

The CIS Controls are broken down into three tiers:

  • Six Basic Controls

  • Ten Foundational Controls

  • Four Organizational Controls

Once the Basic and Foundational Controls are implemented, organizations will have a solid set of technical security controls in place. Even without implementing the final four controls, this will be enough to protect against the vast majority of cyber attacks.
