20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets

Today, I will be going over Control 1 from version 7 of the top 20 CIS Controls – Inventory and Control of Hardware Assets. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 1 Start small. This is going to ... Read More

20 CIS Controls – Control 2: Inventory and Control of Software Assets

Today, I will be going over Control 2 from version 7 of the top 20 CIS Controls – Inventory and Control of Software Assets. I will go through the 10 requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 2 Let Control 1 be a driver ... Read More

20 Critical Security Controls: Control 4 – Controlled Use of Administrative Privileges

Today, I will be going over Control 4 from version 7 of the CIS top 20 Critical Security Controls – Controlled Use of Administrative Privileges. I will go through the nine requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 4 Get this control right. Attackers ... Read More

A Look Inside the April Update to the MITRE ATT&CK Framework

The MITRE ATT&CK Framework is an excellent resource when it comes to defining threat intelligence. The hundreds of techniques mapped across various tactics help define an adversary’s behaviors in enterprise networks. What’s better is that it provides prescriptive level guidance on how to both mitigate and detect the techniques. While ... Read More

20 Critical Security Controls: Control 5 – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Today, I will be going over Control 5 from version 7 of the CIS top 20 Critical Security Controls – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. I will go through the five requirements and offer my thoughts on what I’ve found. Key Takeaways ... Read More

20 Critical Security Controls: Control 6 – Maintenance, Monitoring, and Analysis of Audit Logs

Today, I will be going over Control 6 from version 7 of the CIS top 20 Critical Security Controls – Maintenance, Monitoring, and Analysis of Audit Logs. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 6 Logs are the ... Read More

20 Critical Security Controls: Control 7 – Email and Web Browser Protections

Today, I will be going over Control 7 from version 7 of the CIS top 20 Critical Security Controls – Email and Web Browser Protections. I will go through the 10 requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 7 Why not block images from ... Read More

20 Critical Security Controls: Control 8 – Malware Defenses

Today, I will be going over Control 8 from version 7 of the CIS top 20 Critical Security Controls – Malware Defenses. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 8 Back to the basics. Install AV and run ... Read More

20 Critical Security Controls: Control 9 – Limitation and Control of Network Ports, Protocols, and Services

Today, I will be going over Control 9 from version 7 of the CIS top 20 Critical Security Controls – Limitation and Control of Network Ports, Protocols, and Services. I will go through the five requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 9 Reduce ... Read More

20 Critical Security Controls: Control 10 – Data Recovery Capabilities

Today, I will be going over Control 10 from version 7 of the CIS top 20 Critical Security Controls – Data Recovery Capabilities. I will go through the five requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 10 Backups can save your company. After getting ... Read More
Loading...