2nd Edition

Tracking the trends and news for IT and IT Security

Paul Davis

Using the 18 CIS Critical Security Controls to Drive Cybersecurity Priorities

Using the 18 CIS Critical Security Controls to Drive Cybersecurity Priorities
Converge Technology Solutions – Dan Gregory
The cybersecurity industry often emphasizes the need to adapt to a continuously changing threat landscape, and one way to manage this complexity is through the Center for Internet Security (CIS) Critical Security Controls.
These 18 controls serve as foundational best practices for cybersecurity professionals worldwide.
The CIS Controls provide a prioritized framework to help businesses build a robust cybersecurity position and are complementary to various cybersecurity frameworks, standards, and guidelines.
They can be visualized as interconnected domains in a honeycomb structure, where weaknesses in any area can affect overall security.
Here are the grouped CIS Control categories alongside their focus areas:
**Asset Management** (Controls 1, 2, 4, 7): Foundation for effective cybersecurity, ensuring correct software and hardware management.
**Data Protection** (Controls 3, 5, 6, 11): Protecting the most valuable and vulnerable asset in a network, focusing on classification, access, and recovery.
**Network Visibility and Awareness** (Controls 8, 17, 18): Utilizing SIEM solutions to monitor, detect, and respond to network anomalies and security incidents.
**Communication Channel Safeguards** (Controls 9, 10, 14): Securing communication channels such as email and web activity to prevent attacks through these vectors.
**Traffic Management** (Controls 12, 13): Monitoring and maintaining network traffic and infrastructure for security and efficiency.
**Directing Third-Party Risk** (Control 15): Managing and understanding the interconnected security practices of all third-party engagements.
**Securing Application Development** (Control 16, optional): For companies involved in software development, this control is crucial for securing the software development lifecycle.
Understanding and implementing the CIS Controls can guide organizations to strategically address their cybersecurity priorities, identify their strengths and vulnerabilities, and ultimately advance their security posture.
This strategic approach is key in interpreting and utilizing other regulatory frameworks and methodologies related to cybersecurity.
Link: https://convergetp.com/2023/11/02/cis-critical-security-controls-drive-cybersecurity-priorities/

Categories:

Tags: