20 CIS Controls – Control 2: Inventory and Control of Software Assets
Today, I will be going over Control 2 from version 7 of the top 20 CIS Controls – Inventory and Control of Software Assets. I will go through the 10 requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 2 Let Control 1 be a driver ... Read More
20 Critical Security Controls: Control 4 – Controlled Use of Administrative Privileges
Today, I will be going over Control 4 from version 7 of the CIS top 20 Critical Security Controls – Controlled Use of Administrative Privileges. I will go through the nine requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 4 Get this control right. Attackers ... Read More
A Look Inside the April Update to the MITRE ATT&CK Framework
The MITRE ATT&CK Framework is an excellent resource when it comes to defining threat intelligence. The hundreds of techniques mapped across various tactics help define an adversary’s behaviors in enterprise networks. What’s better is that it provides prescriptive level guidance on how to both mitigate and detect the techniques. While ... Read More
20 Critical Security Controls: Control 5 – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Today, I will be going over Control 5 from version 7 of the CIS top 20 Critical Security Controls – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. I will go through the five requirements and offer my thoughts on what I’ve found. Key Takeaways ... Read More
20 Critical Security Controls: Control 6 – Maintenance, Monitoring, and Analysis of Audit Logs
Today, I will be going over Control 6 from version 7 of the CIS top 20 Critical Security Controls – Maintenance, Monitoring, and Analysis of Audit Logs. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 6 Logs are the ... Read More
20 Critical Security Controls: Control 7 – Email and Web Browser Protections
Today, I will be going over Control 7 from version 7 of the CIS top 20 Critical Security Controls – Email and Web Browser Protections. I will go through the 10 requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 7 Why not block images from ... Read More
20 Critical Security Controls: Control 8 – Malware Defenses
Today, I will be going over Control 8 from version 7 of the CIS top 20 Critical Security Controls – Malware Defenses. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 8 Back to the basics. Install AV and run ... Read More
20 Critical Security Controls: Control 9 – Limitation and Control of Network Ports, Protocols, and Services
Today, I will be going over Control 9 from version 7 of the CIS top 20 Critical Security Controls – Limitation and Control of Network Ports, Protocols, and Services. I will go through the five requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 9 Reduce ... Read More
20 Critical Security Controls: Control 10 – Data Recovery Capabilities
Today, I will be going over Control 10 from version 7 of the CIS top 20 Critical Security Controls – Data Recovery Capabilities. I will go through the five requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 10 Backups can save your company. After getting ... Read More
20 Critical Security Controls: Control 11 – Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches
Today, I will be going over Control 11 from version 7 of the CIS top 20 Critical Security Controls – Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches. I will go through the seven requirements and offer my thoughts on what I’ve found. Key Takeaways for Control ... Read More
