In this episode, Curtis Dukes, executive vice president and general manager of the Center for Internet Security (CIS), explains the need for their Community Defense Model. He also details their process for designing their models as a non-profit organization.

Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm
Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast
RSS: https://tripwire.libsyn.com/rss
YouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3

Every cybersecurity practitioner knows that there are some guidelines that are “required reading” in the profession. Advice that is freely offered by organizations such as the National Institute of Standards and Technology (NIST), the Open Web Application Security Project (OWASP), and the Center for Internet Security (CIS) is part of every information security library. When we think of CIS, our minds are often drawn to the most popular publications, the Critical Security Controls and the CIS Benchmarks. However, CIS has also recently released version 2.0 of the Community Defense Model (CDM).

I recently had the opportunity to speak with Curtis Dukes about the CDM. Curt is the Executive Vice President and General Manager of the Center for Internet Security. He offered some interesting insights into the origins of the Critical Controls, the application of the Controls and Benchmarks, and how the CDM expands on all the good work of the CIS.

Tim Erlin: Curtis, thank you for taking the time to be here today.

Curtis Dukes: Thank you for inviting me.

TE: I wasn’t familiar with the Community Defense Model prior to our initial conversations, but I think it’s pretty interesting. Could you explain a little bit about the CDM?

CD: Yeah, I’d love to. The Community Defense Model has been in existence for a little over a year. The general theory behind the CDM is that we’d