CIScontrols

The Center for Internet Security Controls (CIS Controls ) are a collection of cybersecurity best practices designed to help organizations protect their systems and data from cyber threats. These controls provide a structured approach to reducing risk regardless of the size of the organization. CIS Controls are globally recognized and are often used as a guide for establishing and strengthening a robust security strategy.

What are the CIS Controls?

CIS Controls are a set of 18 specific actions that organizations can take to secure their IT systems against the most common cyber threats. These controls were developed by the Center for Internet Security (CIS), a nonprofit organization dedicated to improving global cybersecurity. The controls are based on real-world insights and are constantly evolving to address emerging threats

The 18 CIS Controls are divided into three categories depending on an organization's level of priority and resources:

  1. Basic Controls (1-6): These are the essential actions every organization must implement to provide a basic level of protection.
  2. Foundational Controls (7-16): These controls build on the basic controls and provide deeper protection through more advanced measures.
  3. Organizational Controls (17-18): These controls focus on management and establishing a strong security culture within the organization.

The 18 CIS Controls

  1. Inventory of Managed AssetsProvide a detailed record of all hardware and devices on your network. This helps identify unauthorized devices and reduces the risk of unwanted access.
  2. Inventory of SoftwareKeep a list of all installed software and restrict the use of unauthorized applications. This prevents malicious or unwanted software from running on systems.
  3. Vulnerability ManagementPerform regular security scans to identify vulnerabilities in systems and applications and resolve them quickly through patches or updates.
  4. User Control with Administrative RightsRestrict and control who has administrative rights within the organization. This prevents unauthorized users from changing important system settings.
  5. User and Access ManagementProvide strict access management where each user has access only to the information and systems needed for their job.
  6. Managing Security ConfigurationsEstablish security configurations for hardware and software to minimize vulnerabilities. This includes, for example, firewall settings, password policies and encryption.
  7. Continuous Monitoring and LoggingEnsure that all systems are continuously monitored and logs are kept of activities. This helps to quickly identify suspicious activity.
  8. Malware ProtectionImplement and maintain malware protection programs to protect systems from viruses, worms, ransomware and other malicious software.
  9. Email and Web Browser SecurityProtectemail and browser systems from attacks such as phishing, drive-by downloads and exploits of outdated software.
  10. Backup and Recovery of DataEnsure regular backups of critical data and test recovery procedures to prevent data loss in the event of an incident.
  11. Secure Software ManagementApply security practices at every stage of software development, from design to deployment, to minimize vulnerabilities.
  12. Securing Network Ports, Protocols and ServicesManagenetwork access by closing unused ports and services and using only allowed protocols to reduce the likelihood of attacks.
  13. Data ProtectionImplement measures such as encryption and access control to protect sensitive information from unauthorized access and loss.
  14. Monitoring Network SecurityUsetools such as firewalls and intrusion detection systems to monitor network traffic and block potential attacks.
  15. Mobile Device SecurityImplementsecurity measures for mobile devices such as smartphones and tablets, including encryption and remote management, to protect sensitive data.
  16. Account Monitoring and ManagementMonitor user accounts and ensure that inactive accounts are quickly deleted or disabled to prevent unauthorized access.
  17. Implement a Security Awareness ProgramConduct regular training for employees to make them aware of cyber threats such as phishing and social engineering.
  18. Incident Response and ManagementDevelopand test a detailed incident response plan to quickly respond to cyber attacks and mitigate the impact.

The Importance of CIS Controls

CIS Controls help organizations systematically manage risk and strengthen their security. By implementing these controls, companies can protect themselves from the most common cyber threats, such as malware, phishing and attacks on vulnerable systems.

Key benefits of implementing CIS Controls:

  • Strengthened Security: CIS Controls provide a framework that helps organizations take the right measures to secure their IT systems.
  • Risk management: Organizations can better respond to potential risks and cyber-attacks by focusing on areas that are most vulnerable.
  • Compliancy: CIS Controls are in line with many international standards and regulations, such as the GDPR, NIST and ISO 27001, which helps ensure compliance with legal obligations.
  • Cost Efficiency: By prioritizing the most critical security measures, organizations can make effective use of their security budgets and resources.
dreamstime_xxl_126587946.jpg

CIS Controls in Practice

The CIS Controls can be easily adapted to the size and complexity of an organization. Smaller organizations can start with the basic controls (1-6) and expand their security programs over time, while larger companies can fully implement the controls.

CIS also offers tools, such as the CIS Controls Implementation Guide and CIS-CAT (CIS Configuration Assessment Tool), to help organizations assess their security level and easily implement the appropriate controls.

The Future of CIS Controls

Cyber threats continue to evolve, which is why CIS Controls also continue to evolve. New versions of the controls are released regularly to account for new technologies and emerging threats such as cloud security, artificial intelligence and Internet of Things (IoT). This means that organizations that follow the CIS Controls have access to the most up-to-date strategies to secure their networks and data.

Choose IRM360

With IRM360 you are assured a secure and compliant future in a scalable, practical and cost efficient way.

With our other management systems for Privacy, Business Continuity, Artificial Intteligence and Risk Awareness, among others, you easily expand your control at your pace.

Contact us today for more information or request an online demo of our software.

 

Click here to request an online demo.

dreamstime_xxl_34685949.jpg

ISO 27001

Meet information security requirements in a structured and simple manner

Read more

ISO27701 AVG.jpg

ISO 22301

Get your organization ready for Business Continuity certification!

Read more

Normen-ISMS-Cyber-Security.jpg

Cybersecurity Framework

Better protect your organization from cyber attacks through the NIST guidelines!

Read more

More about the IRM360 Management System?

Click here for more information!

We'd love to get in touch.

Email: sales@irm360.nl or fill out the contact form.