IoT (Internet of Things). BYOD (Bring Your Own Device). WFH (Work from Home). VM (Virtual Machine). OMGATAASTDMC (Oh My Goodness All These Acronyms Are Starting to Drive Me Crazy).
If you’re hearing a lot of acronyms in your professional conversations lately, you’re not alone. As technology blurs the line between the professional and the personal, it’s more important than ever that workplaces – wherever they are – develop a culture of cybersecurity.
A Multitude of Cybersecurity Framework Options
Infusing cybersecurity into the everyday culture of your organization can be challenging. There are multiple frameworks and security standards available to help: from the extensive technical guidance of the NIST Cybersecurity Framework (NIST CSF) to the specialized recommendations of PCI DSS (Payment Card Industry Data Security Standard) and FedRAMP (Federal Risk and Authorization Management Program). While these are all excellent frameworks, they can feel a bit intimidating to newcomers.
So, what’s a good way to begin? A prioritized approach to cybersecurity, starting with the most essential tasks and progressing to more sophisticated techniques, is one tactic. The CIS Controls™ Version 7 is one such approach.
CIS Controls: A Prioritized Approach
The CIS Controls are a set of 20 prioritized cybersecurity recommendations that can be used by any organization to improve its cybersecurity posture. Since 2008 the CIS Controls have been developed using a consensus-based approach involving discussion groups, forums, and community feedback. They are continuously updated and refined by a global volunteer community of cybersecurity experts – leaders in academia, industry, and government.
The launch of CIS Controls V7 in March 2018 was the result of feedback from a community of more than 300 individuals, developed over the course of a year, to align with the latest cyber threat data and reflect the current threat environment. We recognize that the cybersecurity world is constantly shifting and reacting to new threats and vulnerabilities, which often results in chaos and confusion about which steps to take in order to harden systems and data.
Implementing the CIS Controls
The 20 CIS Controls are prioritized to reflect the current threat landscape. Each contains sub-controls that are clear and precise, with a “one ask task” for each.
The CIS Controls are divided into three distinct categories in order to guide your organization on a cybersecurity journey:
- Basic (CIS Controls 1-6): Key controls which should be implemented in every organization for essential cyber defense readiness.
- Foundational (CIS Controls 7-16): The next step up from basic – these technical best practices provide clear security benefits and are a smart move for any organization to implement.
- Organizational (CIS Controls 17-20): These controls are different in character from 1-16; while they have many technical elements, CIS Controls 17-20 are more focused on people and processes involved in cybersecurity.
A Resource for All
The CIS Controls are a free cybersecurity best practices resource for any organization to download and implement. They provide clear, prioritized guidance to help organizations tackle the most pervasive cybersecurity threats.